Vulnerabilities > Naviwebs

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-26	CVE-2021-37477	SQL Injection vulnerability in Naviwebs Navigatecms 2.9 In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database. network low complexity naviwebs CWE-89 critical	9.8
2021-07-26	CVE-2021-37478	SQL Injection vulnerability in Naviwebs Navigatecms 2.9 In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database. network low complexity naviwebs CWE-89 critical	9.8
2021-06-28	CVE-2020-23711	SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php. network low complexity naviwebs CWE-89 critical	9.8
2020-08-26	CVE-2020-23657	Cross-site Scripting vulnerability in Naviwebs Navigatecms 2.9 NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." network low complexity naviwebs CWE-79	5.4
2020-08-26	CVE-2020-23656	Cross-site Scripting vulnerability in Naviwebs Navigatecms 2.9 NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content." network low complexity naviwebs CWE-79	5.4
2020-08-26	CVE-2020-23655	Cross-site Scripting vulnerability in Naviwebs Navigatecms 2.9 NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." network low complexity naviwebs CWE-79	5.4
2020-08-26	CVE-2020-23654	Cross-site Scripting vulnerability in Naviwebs Navigatecms 2.9 NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop." network low complexity naviwebs CWE-79	5.4
2020-06-24	CVE-2020-14018	Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9 An issue was discovered in Navigate CMS 2.9 r1433. network low complexity naviwebs CWE-79	6.1
2020-06-24	CVE-2020-14017	Cleartext Storage of Sensitive Information vulnerability in Naviwebs Navigate CMS 2.9 An issue was discovered in Navigate CMS 2.9 r1433. network low complexity naviwebs CWE-312	7.5
2020-06-24	CVE-2020-14016	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Naviwebs Navigate CMS 2.9 An issue was discovered in Navigate CMS 2.9 r1433. network low complexity naviwebs CWE-640	5.3

Vulnerabilities > Naviwebs {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Naviwebs"}]}

Vulnerabilities > Naviwebs