CVE-2026-3317

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

CVE-2018-25393

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

CVE-2018-25393

Navigate CMS 2.8.5 contains a path traversal vulnerability exploitable by authenticated users via the id parameter on navigate_download.php. Attack payloads like ../../../cfg/globals.php can be used to download arbitrary files, exposing sensitive configuration and system files outside the intende...

PT-2026-44871

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate download.php with path traversal payloads ../../../cfg/globals.php to...

CVE-2026-3317 Reflected Cross-Site Scripting in Navigate CMS application

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

CVE-2026-3317

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

CVE-2026-3317

CVE-2026-3317 is a reflected XSS vulnerability in Navigate Content Management System affecting the /blog endpoint. The root cause is unsanitized user input via designed query parameters, leading to unsafe HTML rendering and the potential execution of JavaScript in a victim’s browser. The issue is...

PT-2026-33923

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

CVE-2021-36455

SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...

Naviwebs Navigate CMS SQL注入漏洞

Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. A SQL injection vulnerability exists in Naviwebs Navigate CMS, which originates from the failure of quicksearch in the product libpackagescommentscomments.php file to filter input data for special characters...

Navigate CMS Cross-Site Scripting Vulnerability (CNVD-2020-49508)

Navigate CMS is a powerful and intuitive content management system. A cross-site scripting vulnerability exists in the Configuration module of Navigate CMS 2.9. The vulnerability can be exploited to conduct cross-site scripting attacks...

Navigate CMS Cross-Site Scripting Vulnerability (CNVD-2020-49460)

Navigate CMS is a powerful and intuitive content management system. A cross-site scripting vulnerability exists in the "Store" module of Navigate CMS 2.9. This vulnerability can be exploited by attackers to conduct cross-site scripting attacks...

Naviwebs Navigate CMS Cross-Site Scripting Vulnerability (CNVD-2020-35983)

Navigate CMS is an open source content management system CMS. A cross-site scripting vulnerability exists in the lib/packages/structure/structure.class.php file in Navigate CMS 2.8.7 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data by the WEB...

Naviwebs Navigate CMS Cross-Site Scripting Vulnerability

Navigate CMS is an open source content management system CMS. A cross-site scripting vulnerability exists in the lib/packages/feeds/feed.class.php file in Navigate CMS 2.8.7 and earlier versions. The vulnerability stems from the WEB application lacking proper validation of client-side data. An...