Naviwebs

Navigate Cms

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2020-37054

Exploit
  • EPSS 0.01%
  • Veröffentlicht 30.01.2026 22:07:19
  • Zuletzt bearbeitet 13.02.2026 17:51:05

Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leverag...

6.5

CVE-2020-37053

Exploit
  • EPSS 0.01%
  • Veröffentlicht 30.01.2026 22:07:19
  • Zuletzt bearbeitet 13.02.2026 17:52:30

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by u...

4.9

CVE-2022-28117

Exploit
  • EPSS 71.11%
  • Veröffentlicht 28.04.2022 15:15:10
  • Zuletzt bearbeitet 21.11.2024 06:56:47

A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.

5.4

CVE-2021-44299

Exploit
  • EPSS 0.22%
  • Veröffentlicht 19.01.2022 18:15:07
  • Zuletzt bearbeitet 21.11.2024 06:30:42

A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.

7.5

CVE-2021-44351

Exploit
  • EPSS 0.81%
  • Veröffentlicht 06.01.2022 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:30:45

An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.

8.8

CVE-2021-36455

Exploit
  • EPSS 0.45%
  • Veröffentlicht 06.08.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:13:44

SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.

5.4

CVE-2021-36454

Exploit
  • EPSS 0.3%
  • Veröffentlicht 06.08.2021 16:15:06
  • Zuletzt bearbeitet 21.11.2024 06:13:44

Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) f...

9.8

CVE-2020-23711

Exploit
  • EPSS 0.51%
  • Veröffentlicht 28.06.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 05:14:01

SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.

5.3

CVE-2020-14016

Exploit
  • EPSS 0.39%
  • Veröffentlicht 24.06.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:02:21

An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message w...

6.1

CVE-2020-14018

Exploit
  • EPSS 0.21%
  • Veröffentlicht 24.06.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:02:21

An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the ...