Vulnerabilities > Naviwebs > Navigate CMS > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-28 CVE-2022-28117 Server-Side Request Forgery (SSRF) vulnerability in Naviwebs Navigate CMS 2.9.4
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
network
low complexity
naviwebs CWE-918
4.9
4.9
2022-01-19 CVE-2021-44299 Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9.4
A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
naviwebs CWE-79
5.4
5.4
2021-08-06 CVE-2021-36454 Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9
Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8) items\items.php, 9) menus\menus.php, 10) orders\orders.php, 11) payment_methods\payment_methods.php, 12) products\products.php, 13) profiles\profiles.php, 14) shipping_methods\shipping_methods.php, 15) templates\templates.php, 16) users\users.php, 17) webdictionary\webdictionary.php, 18) websites\websites.php, and 19) webusers\webusers.php because the initial_url function is built in these files.
network
low complexity
naviwebs CWE-79
5.4
5.4
2020-06-24 CVE-2020-14018 Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9
An issue was discovered in Navigate CMS 2.9 r1433.
network
low complexity
naviwebs CWE-79
6.1
6.1
2020-06-24 CVE-2020-14016 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Naviwebs Navigate CMS 2.9
An issue was discovered in Navigate CMS 2.9 r1433.
network
low complexity
naviwebs CWE-640
5.3
5.3
2020-06-24 CVE-2020-14014 Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.8/2.9
An issue was discovered in Navigate CMS 2.8 and 2.9 r1433.
network
low complexity
naviwebs CWE-79
5.4
5.4
2020-06-19 CVE-2020-14927 Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.
network
low complexity
naviwebs CWE-79
4.8
4.8
2020-06-03 CVE-2020-13798 Cross-site Scripting vulnerability in Naviwebs Navigate CMS
An issue was discovered in Navigate CMS through 2.8.7.
network
low complexity
naviwebs CWE-79
6.1
6.1
2020-06-03 CVE-2020-13797 Cross-site Scripting vulnerability in Naviwebs Navigate CMS
An issue was discovered in Navigate CMS through 2.8.7.
network
low complexity
naviwebs CWE-79
6.1
6.1
2020-06-03 CVE-2020-13796 Cross-site Scripting vulnerability in Naviwebs Navigate CMS
An issue was discovered in Navigate CMS through 2.8.7.
network
low complexity
naviwebs CWE-79
6.1
6.1