Naviwebs

naviwebs

34 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (34)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-37054 1Naviwebs 1Navigate Cms Feb 13, 2026 Jan 30, 2026 5.1 MEDIUM· v4 8.8 HIGH· v3 N/A· v2 Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arb...Show more Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.Show less
CVE-2020-37053 1Naviwebs 1Navigate Cms Feb 13, 2026 Jan 30, 2026 7.1 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to ext...Show more Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.Show less
CVE-2022-28117 1Naviwebs 1Navigate Cms Nov 21, 2024 Apr 28, 2022 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
CVE-2021-44299 1Naviwebs 1Navigate Cms Nov 21, 2024 Jan 19, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2021-44351 1Naviwebs 1Navigate Cms Nov 21, 2024 Jan 6, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.
CVE-2021-36455 1Naviwebs 1Navigate Cms Nov 21, 2024 Aug 6, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.
CVE-2021-36454 1Naviwebs 1Navigate Cms Nov 21, 2024 Aug 6, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons...Show more Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8) items\items.php, 9) menus\menus.php, 10) orders\orders.php, 11) payment_methods\payment_methods.php, 12) products\products.php, 13) profiles\profiles.php, 14) shipping_methods\shipping_methods.php, 15) templates\templates.php, 16) users\users.php, 17) webdictionary\webdictionary.php, 18) websites\websites.php, and 19) webusers\webusers.php because the initial_url function is built in these files.Show less
CVE-2020-23243 1Naviwebs 1Navigatecms Nov 21, 2024 Jul 26, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.
CVE-2020-23242 1Naviwebs 1Navigatecms Nov 21, 2024 Jul 26, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
CVE-2021-37478 1Naviwebs 1Navigatecms Nov 21, 2024 Jul 26, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database.
CVE-2021-37477 1Naviwebs 1Navigatecms Nov 21, 2024 Jul 26, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database.
CVE-2021-37476 1Naviwebs 1Navigatecms Nov 21, 2024 Jul 26, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database.
CVE-2021-37475 1Naviwebs 1Navigatecms Nov 21, 2024 Jul 26, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database.
CVE-2021-37473 1Naviwebs 1Navigatecms Nov 21, 2024 Jul 26, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend databas...Show more In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database.Show less
CVE-2020-23711 1Naviwebs 1Navigate Cms Nov 21, 2024 Jun 28, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.
CVE-2020-23657 1Naviwebs 1Navigatecms Nov 21, 2024 Aug 26, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
CVE-2020-23656 1Naviwebs 1Navigatecms Nov 21, 2024 Aug 26, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content."
CVE-2020-23655 1Naviwebs 1Navigatecms Nov 21, 2024 Aug 26, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
CVE-2020-23654 1Naviwebs 1Navigatecms Nov 21, 2024 Aug 26, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."
CVE-2020-14018 1Naviwebs 1Navigate Cms Nov 21, 2024 Jun 24, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail fiel...Show more An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field; however, on the View user page the XSS is triggered via either the User field or the E-Mail field.Show less

12 Next