An issue exists in Navigate CMS up to and including 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php.
naviwebs navigate cms