198 matches found
CVE-2021-44299
A reflected cross-site scripting XSS vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
Cross site scripting
A reflected cross-site scripting XSS vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2021-44299
Naviga te CMS v2.9.4 is affected by CVE-2021-44299 due to a reflected XSS in the themes.php (under \lib\packages\themes\themes.php). The vulnerability arises from improper handling of crafted input, enabling an authenticated attacker to inject and execute arbitrary web scripts or HTML in the cont...
CVE-2021-44299
A reflected cross-site scripting XSS vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
The vulnerability of the templates.php implementation of the Navigate CMS system allows a hacker to execute arbitrary SQL code.
The vulnerability of the templates.php implementation of the Navigate CMS content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary SQL code...
Multiple vulnerabilities in Navigate CMS
Overview Navigate CMS is an open source Contents Management System CMS provided by Naviwebs S.C. Navigate CMS contains multiple vulnerabilities listed below. Reflected cross-site scripting in the Help feature CWE-79 Reflected cross-site scripting CWE-79 - CVE-2021-36454 SQL injection CWE-89 -...
CVE-2021-36455
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...
CVE-2021-36454
Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...
CVE-2021-36454
Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...
Cross site scripting
Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...
Sql injection
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...
CVE-2021-36455
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...
CVE-2021-36455
CVE-2021-36455 affects Naviwebs Navigate CMS 2.9. The vulnerability is a SQL Injection in the quicksearch parameter of lib/packages/comments/comments.php, caused by insufficient input filtering. Documents confirm the affected product/version and root cause; no explicit exploitation details are pr...
CVE-2021-36454
Navigate CMS 2.9 is affected by a cross-site scripting (XSS) vulnerability (CVE-2021-36454) exploitable via the navigate-quickse parameter in multiple files (e.g., backups.php, blocks.php, brands.php, comments.php, coupons.php, feeds.php, functions.php, items.php, menus.php, orders.php, payment_m...
CVE-2021-36454
Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...
NavigateCMS 跨站脚本漏洞
NavigateCMS is a content management system. NavigateCMS 2.9 suffers from a cross-site scripting vulnerability that stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute client-side code...
Navigate CMS Cross-Site Scripting Vulnerability (CNVD-2021-57428)
A cross-site scripting vulnerability exists in Navigate CMS version 2.9, which is a powerful and intuitive content management system. The vulnerability can be exploited to conduct cross-site scripting attacks via the name="wrongpathredirect" function...
Navigate CMS sql injection vulnerability (CNVD-2021-57420)
Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the template-properties-order parameter in templates.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backe...
Navigate CMS sql injection vulnerability (CNVD-2021-57423)
Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the block-order parameter of the block function in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backend databa...
Navigate CMS sql injection vulnerability (CNVD-2021-57419)
Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the products-order parameter in products.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backend database...