Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
naviwebs vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-13798
An issue exists in Navigate CMS up to and including 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
Naviwebs Navigate Cms
9.8
CVSSv3
CVE-2020-14067
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.
Naviwebs Navigatecms 2.9
5.4
CVSSv3
CVE-2020-23654
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."
Naviwebs Navigatecms 2.9
5.4
CVSSv3
CVE-2020-23656
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content."
Naviwebs Navigatecms 2.9
4.8
CVSSv3
CVE-2020-23242
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
Naviwebs Navigatecms 2.9
5.4
CVSSv3
CVE-2020-23655
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
Naviwebs Navigatecms 2.9
5.4
CVSSv3
CVE-2020-23657
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
Naviwebs Navigatecms 2.9
5.4
CVSSv3
CVE-2018-18029
Navigate CMS has Stored XSS via the navigate.php Title field in an edit action.
Naviwebs Navigate Cms -
7.5
CVSSv3
CVE-2020-14015
An issue exists in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue settin...
Naviwebs Navigate Cms 2.9
5.3
CVSSv3
CVE-2020-14016
An issue exists in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email add...
Naviwebs Navigate Cms 2.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »