NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."
naviwebs navigatecms 2.9