Vulnerabilities > Naviwebs

DATE CVE VULNERABILITY TITLE RISK
2020-06-24 CVE-2020-14015 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Naviwebs Navigate CMS 2.9
An issue was discovered in Navigate CMS 2.9 r1433.
network
low complexity
naviwebs CWE-640
7.5
7.5
2020-06-24 CVE-2020-14014 Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.8/2.9
An issue was discovered in Navigate CMS 2.8 and 2.9 r1433.
network
low complexity
naviwebs CWE-79
5.4
5.4
2020-06-19 CVE-2020-14927 Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.
network
low complexity
naviwebs CWE-79
4.8
4.8
2020-06-15 CVE-2020-14067 Unrestricted Upload of File with Dangerous Type vulnerability in Naviwebs Navigatecms 2.9
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.
network
low complexity
naviwebs CWE-434
critical
 9.8
9.8
2020-06-03 CVE-2020-13798 Cross-site Scripting vulnerability in Naviwebs Navigate CMS
An issue was discovered in Navigate CMS through 2.8.7.
network
low complexity
naviwebs CWE-79
6.1
6.1
2020-06-03 CVE-2020-13797 Cross-site Scripting vulnerability in Naviwebs Navigate CMS
An issue was discovered in Navigate CMS through 2.8.7.
network
low complexity
naviwebs CWE-79
6.1
6.1
2020-06-03 CVE-2020-13796 Cross-site Scripting vulnerability in Naviwebs Navigate CMS
An issue was discovered in Navigate CMS through 2.8.7.
network
low complexity
naviwebs CWE-79
6.1
6.1
2020-06-03 CVE-2020-13795 Path Traversal vulnerability in Naviwebs Navigate CMS
An issue was discovered in Navigate CMS through 2.8.7.
network
low complexity
naviwebs CWE-22
5.3
5.3
2018-10-09 CVE-2018-18029 Cross-site Scripting vulnerability in Naviwebs Navigate CMS
Navigate CMS has Stored XSS via the navigate.php Title field in an edit action.
network
low complexity
naviwebs CWE-79
5.4
5.4
2018-10-04 CVE-2018-17849 Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.8
Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload.
network
low complexity
naviwebs CWE-79
5.4
5.4