Vulnerabilities > Naviwebs > Navigate CMS > 2.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-24 | CVE-2020-14014 | Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.8/2.9 An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. | 5.4 |
| 2020-06-03 | CVE-2020-13798 | Cross-site Scripting vulnerability in Naviwebs Navigate CMS An issue was discovered in Navigate CMS through 2.8.7. | 6.1 |
| 2020-06-03 | CVE-2020-13797 | Cross-site Scripting vulnerability in Naviwebs Navigate CMS An issue was discovered in Navigate CMS through 2.8.7. | 6.1 |
| 2020-06-03 | CVE-2020-13796 | Cross-site Scripting vulnerability in Naviwebs Navigate CMS An issue was discovered in Navigate CMS through 2.8.7. | 6.1 |
| 2020-06-03 | CVE-2020-13795 | Path Traversal vulnerability in Naviwebs Navigate CMS An issue was discovered in Navigate CMS through 2.8.7. | 5.3 |
| 2018-10-04 | CVE-2018-17849 | Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.8 Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload. | 5.4 |
| 2018-10-03 | CVE-2018-17553 | Unrestricted Upload of File with Dangerous Type vulnerability in Naviwebs Navigate CMS 2.8 An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php. | 8.8 |
| 2018-10-03 | CVE-2018-17552 | SQL Injection vulnerability in Naviwebs Navigate CMS 2.8 SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie. | 9.8 |