Vulnerabilities > Naviwebs > Navigatecms

DATE CVE VULNERABILITY TITLE RISK
2020-08-26 CVE-2020-23654 Cross-site Scripting vulnerability in Naviwebs Navigatecms 2.9
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."
network
low complexity
naviwebs CWE-79
5.4
5.4
2020-06-15 CVE-2020-14067 Unrestricted Upload of File with Dangerous Type vulnerability in Naviwebs Navigatecms 2.9
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.
network
low complexity
naviwebs CWE-434
critical
 9.8
9.8