198 matches found
CVE-2020-14016
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a notfound message when the provided username or email address does...
CVE-2020-13795
An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings...
CVE-2020-13796
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php...
CVE-2020-14927
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites Create Aliases Add" screen...
CVE-2020-13797
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php...
CVE-2020-13798
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php...
Exploit for Server-Side Request Forgery in Naviwebs Navigate_Cms
It is an exploit module targeting Apache HTTP Server. The targe...
Naviwebs Navigate CMS Directory Traversal (CVE-2018-17553)
A directory traversal vulnerability exists in Naviwebs Navigate CMS. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated) Exploit
!/usr/bin/env python3 Exploit Title: Navigate CMS 2.9.4 - Server-Side Request Forgery SSRF Authenticated Exploit Author: cheshireca7 Vendor Homepage: https://www.navigatecms.com/ Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.9.4r1561.zip/download Version:...
Navigate CMS 2.9.4 Server-Side Request Forgery
!/usr/bin/env python3 Exploit Title: Navigate CMS 2.9.4 - Server-Side Request Forgery SSRF Authenticated Exploit Author: cheshireca7 Vendor Homepage: https://www.navigatecms.com/ Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.9.4r1561.zip/download Version:...
CVE-2022-28117
A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...
CVE-2022-28117
A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...
CVE-2022-28117
A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...
CVE-2022-28117
A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...
CVE-2022-28117
Navigate CMS v2.9.4 is affected by a Server-Side Request Forgery (SSRF) in the feed_parser class. An attacker can force the application to make arbitrary outbound requests by injecting URLs into the feed parameter, potentially exposing internal resources or enabling data exposure and unauthorized...
Navigate CMS 代码问题漏洞
Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. A security vulnerability exists in Navigate CMS v2.9.4, which allows remote attackers to force an application to make arbitrary requests by injecting arbitrary URLs into feed parameters...
Exploit for Server-Side Request Forgery in Naviwebs Navigate_Cms
CVE-2022-28117 Navigate CMS = 2.9.4 - Server-Side Request...
CVE-2021-44299
A reflected cross-site scripting XSS vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2021-44299
A reflected cross-site scripting XSS vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...