An issue exists in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
naviwebs navigate cms 2.8 |
||
naviwebs navigate cms 2.9 |