Lucene search
+L

198 matches found

NVD
NVD
added 2022/01/19 6:15 p.m.21 views

CVE-2021-44299

A reflected cross-site scripting XSS vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4CVSS0.00438EPSS
Exploits1References1
Prion
Prion
added 2022/01/19 6:15 p.m.20 views

Cross site scripting

A reflected cross-site scripting XSS vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

3.5CVSS5.2AI score0.00438EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/01/19 5:45 p.m.47 views

CVE-2021-44299

Naviga te CMS v2.9.4 is affected by CVE-2021-44299 due to a reflected XSS in the themes.php (under \lib\packages\themes\themes.php). The vulnerability arises from improper handling of crafted input, enabling an authenticated attacker to inject and execute arbitrary web scripts or HTML in the cont...

5.4CVSS5.2AI score0.00438EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/01/19 5:45 p.m.25 views

CVE-2021-44299

A reflected cross-site scripting XSS vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4AI score0.00438EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2021/08/27 12:0 a.m.7 views

The vulnerability of the templates.php implementation of the Navigate CMS system allows a hacker to execute arbitrary SQL code.

The vulnerability of the templates.php implementation of the Navigate CMS content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary SQL code...

9.8CVSS8.2AI score0.02483EPSS
Exploits1References5Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/20 5:25 a.m.4 views

Multiple vulnerabilities in Navigate CMS

Overview Navigate CMS is an open source Contents Management System CMS provided by Naviwebs S.C. Navigate CMS contains multiple vulnerabilities listed below. Reflected cross-site scripting in the Help feature CWE-79 Reflected cross-site scripting CWE-79 - CVE-2021-36454 SQL injection CWE-89 -...

8.8CVSS7.2AI score0.01104EPSS
Exploits2References11
NVD
NVD
added 2021/08/06 4:15 p.m.29 views

CVE-2021-36455

SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...

8.8CVSS0.01104EPSS
Exploits1References2
NVD
NVD
added 2021/08/06 4:15 p.m.28 views

CVE-2021-36454

Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...

5.4CVSS0.00552EPSS
Exploits1References2
OSV
OSV
added 2021/08/06 4:15 p.m.5 views

CVE-2021-36454

Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...

5.4CVSS7.3AI score0.00552EPSS
Exploits1References2
Prion
Prion
added 2021/08/06 4:15 p.m.21 views

Cross site scripting

Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...

3.5CVSS5.3AI score0.00552EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/08/06 4:15 p.m.23 views

Sql injection

SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...

6.5CVSS9.1AI score0.01104EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/08/06 3:25 p.m.35 views

CVE-2021-36455

SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...

9.4AI score0.01104EPSS
Exploits1References2
CVE
CVE
added 2021/08/06 3:25 p.m.86 views

CVE-2021-36455

CVE-2021-36455 affects Naviwebs Navigate CMS 2.9. The vulnerability is a SQL Injection in the quicksearch parameter of lib/packages/comments/comments.php, caused by insufficient input filtering. Documents confirm the affected product/version and root cause; no explicit exploitation details are pr...

8.8CVSS9.1AI score0.01104EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/08/06 3:19 p.m.88 views

CVE-2021-36454

Navigate CMS 2.9 is affected by a cross-site scripting (XSS) vulnerability (CVE-2021-36454) exploitable via the navigate-quickse parameter in multiple files (e.g., backups.php, blocks.php, brands.php, comments.php, coupons.php, feeds.php, functions.php, items.php, menus.php, orders.php, payment_m...

5.4CVSS5.3AI score0.00552EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/08/06 3:19 p.m.25 views

CVE-2021-36454

Cross Site Scripting XSS vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1 backups\backups.php, 2 blocks\blocks.php, 3 brands\brands.php, 4 comments\comments.php, 5 coupons\coupons.php, 6 feeds\feeds.php, 7 functions\functions.php, 8 items\items.php, 9...

5.5AI score0.00552EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/06 12:0 a.m.5 views

NavigateCMS 跨站脚本漏洞

NavigateCMS is a content management system. NavigateCMS 2.9 suffers from a cross-site scripting vulnerability that stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute client-side code...

5.4CVSS6.6AI score0.00552EPSS
Exploits1References3
CNVD
CNVD
added 2021/07/27 12:0 a.m.16 views

Navigate CMS Cross-Site Scripting Vulnerability (CNVD-2021-57428)

A cross-site scripting vulnerability exists in Navigate CMS version 2.9, which is a powerful and intuitive content management system. The vulnerability can be exploited to conduct cross-site scripting attacks via the name="wrongpathredirect" function...

4.8CVSS5.1AI score0.00527EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/27 12:0 a.m.15 views

Navigate CMS sql injection vulnerability (CNVD-2021-57420)

Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the template-properties-order parameter in templates.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backe...

9.8CVSS9.7AI score0.02483EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/27 12:0 a.m.9 views

Navigate CMS sql injection vulnerability (CNVD-2021-57423)

Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the block-order parameter of the block function in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backend databa...

9.8CVSS9.7AI score0.02162EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/27 12:0 a.m.12 views

Navigate CMS sql injection vulnerability (CNVD-2021-57419)

Navigate CMS is a powerful and intuitive content management system. A sql injection vulnerability exists in the products-order parameter in products.php in Navigate CMS 2.9.4 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary sql queries in the backend database...

9.8CVSS9.7AI score0.02162EPSS
Exploits1References1
Rows per page
Query Builder