Vulnerabilities > Naviwebs > Navigate CMS > 2.9.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-28 | CVE-2022-28117 | Server-Side Request Forgery (SSRF) vulnerability in Naviwebs Navigate CMS 2.9.4 A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. | 4.9 |
2022-01-19 | CVE-2021-44299 | Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9.4 A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |