Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
navigate cms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-14014
An issue exists in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS.
Naviwebs Navigate Cms 2.8
Naviwebs Navigate Cms 2.9
5.3
CVSSv3
CVE-2020-13795
An issue exists in Navigate CMS up to and including 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.
Naviwebs Navigate Cms
6.1
CVSSv3
CVE-2020-13796
An issue exists in Navigate CMS up to and including 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php.
Naviwebs Navigate Cms
6.1
CVSSv3
CVE-2020-13797
An issue exists in Navigate CMS up to and including 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php.
Naviwebs Navigate Cms
6.1
CVSSv3
CVE-2020-13798
An issue exists in Navigate CMS up to and including 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
Naviwebs Navigate Cms
5.4
CVSSv3
CVE-2018-18029
Navigate CMS has Stored XSS via the navigate.php Title field in an edit action.
Naviwebs Navigate Cms -
4.9
CVSSv3
CVE-2022-28117
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote malicious users to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
Naviwebs Navigate Cms 2.9.4
2 Github repositories
5.4
CVSSv3
CVE-2021-36454
Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8) ite...
Naviwebs Navigate Cms 2.9
8.8
CVSSv3
CVE-2021-36455
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.
Naviwebs Navigate Cms 2.9
5.4
CVSSv3
CVE-2021-44299
A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Naviwebs Navigate Cms 2.9.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »