Product
naviwebs navigate cms
34 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2020-37054
CVE-2020-37053
CVE-2022-28117
CVE-2021-44299
CVE-2021-44351
CVE-2021-36455
CVE-2021-36454
CVE-2020-23243
CVE-2020-23242
CVE-2021-37478
CVE-2021-37477
CVE-2021-37476
CVE-2021-37475
CVE-2021-37473
CVE-2020-23711
CVE-2020-23657
CVE-2020-23656
CVE-2020-23655
CVE-2020-23654
CVE-2020-14018
CVE-2020-14017
CVE-2020-14016
CVE-2020-14015
CVE-2020-14014
CVE-2020-14927
CVE-2020-14067
CVE-2020-13798
CVE-2020-13797
CVE-2020-13796
CVE-2020-13795
CVE-2018-18029
CVE-2018-17849
CVE-2018-17553
CVE-2018-17552
all versions
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions throug
all versions
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by man
all versions
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application
all versions
A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticate
all versions
An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.
all versions
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.
all versions
Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php
all versions
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 via the name="wrong_path_redirect" feature.
all versions
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
<= 2.9.4
In NavigateCMS version 2.9.4 and below, function block is vulnerable to sql injection on parameter block-order, which results
<= 2.9.4
In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to sql injection on parameter children_order,
<= 2.9.4
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post
<= 2.9.4
In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter `template-properti
<= 2.9.4
In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter products-order thr
all versions
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.
all versions
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
all versions
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content."
all versions
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
all versions
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."
all versions
An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users,
all versions
An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in
all versions
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using eith
all versions
An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that all
all versions
An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform s
all versions
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.
all versions
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP a
<= 2.8.7
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.
<= 2.8.7
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/we
<= 2.8.7
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/s
<= 2.8.7
An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class
all versions
Navigate CMS has Stored XSS via the navigate.php Title field in an edit action.
all versions
Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload.
all versions
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CM
all versions
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user coo