Lucene search
K

198 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.10 views

CVE-2020-14016

An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a notfound message when the provided username or email address does...

5.3CVSS6.8AI score0.01579EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:18 p.m.12 views

CVE-2020-13795

An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings...

5.3CVSS6.8AI score0.01752EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/05/22 4:18 p.m.12 views

CVE-2020-13796

An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php...

6.1CVSS6AI score0.00679EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:0 p.m.9 views

CVE-2020-14927

Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites Create Aliases Add" screen...

4.8CVSS5.9AI score0.00545EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:48 p.m.8 views

CVE-2020-13797

An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php...

6.1CVSS6AI score0.00679EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:10 p.m.9 views

CVE-2020-13798

An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php...

6.1CVSS6AI score0.00679EPSS
Exploits0
GithubExploit
GithubExploit
added 2023/12/26 6:51 a.m.403 views

Exploit for Server-Side Request Forgery in Naviwebs Navigate_Cms

It is an exploit module targeting Apache HTTP Server. The targe...

4.9CVSS6.4AI score0.2195EPSS
Exploits6
Check Point Advisories
Check Point Advisories
added 2022/05/26 12:0 a.m.34 views

Naviwebs Navigate CMS Directory Traversal (CVE-2018-17553)

A directory traversal vulnerability exists in Naviwebs Navigate CMS. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...

6.5CVSS5.5AI score0.78994EPSS
Exploits5
0day.today
0day.today
added 2022/05/12 12:0 a.m.292 views

Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated) Exploit

!/usr/bin/env python3 Exploit Title: Navigate CMS 2.9.4 - Server-Side Request Forgery SSRF Authenticated Exploit Author: cheshireca7 Vendor Homepage: https://www.navigatecms.com/ Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.9.4r1561.zip/download Version:...

4.9CVSS0.8AI score0.2195EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/05/11 12:0 a.m.242 views

Navigate CMS 2.9.4 Server-Side Request Forgery

!/usr/bin/env python3 Exploit Title: Navigate CMS 2.9.4 - Server-Side Request Forgery SSRF Authenticated Exploit Author: cheshireca7 Vendor Homepage: https://www.navigatecms.com/ Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.9.4r1561.zip/download Version:...

4.9CVSS0.9AI score0.2195EPSS
Exploits6
OSV
OSV
added 2022/04/28 3:15 p.m.3 views

CVE-2022-28117

A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...

4.9CVSS5.9AI score0.2195EPSS
Exploits6References3
ATTACKERKB
ATTACKERKB
added 2022/04/28 3:15 p.m.2 views

CVE-2022-28117

A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...

4.9CVSS6AI score0.2195EPSS
Exploits6References5
NVD
NVD
added 2022/04/28 3:15 p.m.18 views

CVE-2022-28117

A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...

4.9CVSS0.2195EPSS
Exploits6References3
Prion
Prion
added 2022/04/28 3:15 p.m.21 views

Server side request forgery (ssrf)

A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...

4CVSS5.4AI score0.2195EPSS
Exploits6References3Affected Software1
Cvelist
Cvelist
added 2022/04/28 2:13 p.m.35 views

CVE-2022-28117

A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...

5.7AI score0.2195EPSS
Exploits6References3
CVE
CVE
added 2022/04/28 2:13 p.m.101 views

CVE-2022-28117

Navigate CMS v2.9.4 is affected by a Server-Side Request Forgery (SSRF) in the feed_parser class. An attacker can force the application to make arbitrary outbound requests by injecting URLs into the feed parameter, potentially exposing internal resources or enabling data exposure and unauthorized...

4.9CVSS5.3AI score0.2195EPSS
Exploits6References3Affected Software1
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.8 views

Navigate CMS 代码问题漏洞

Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. A security vulnerability exists in Navigate CMS v2.9.4, which allows remote attackers to force an application to make arbitrary requests by injecting arbitrary URLs into feed parameters...

4.9CVSS5.6AI score0.2195EPSS
Exploits6References7
GithubExploit
GithubExploit
added 2022/04/06 1:27 p.m.230 views

Exploit for Server-Side Request Forgery in Naviwebs Navigate_Cms

CVE-2022-28117 Navigate CMS = 2.9.4 - Server-Side Request...

4.9CVSS5.5AI score0.2195EPSS
Exploits6
NVD
NVD
added 2022/01/19 6:15 p.m.20 views

CVE-2021-44299

A reflected cross-site scripting XSS vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4CVSS0.00438EPSS
Exploits1References1
OSV
OSV
added 2022/01/19 6:15 p.m.6 views

CVE-2021-44299

A reflected cross-site scripting XSS vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4CVSS6.2AI score0.00438EPSS
Exploits1References1
Rows per page
Query Builder