Cross site scripting

Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites Create Aliases Add" screen...

CVE-2020-14927

Navigate CMS 2.9 has a cross-site scripting (XSS) flaw exploitable via the Alias or Real URL field in Web Sites > Create > Aliases > Add. CVSS details: v3.1 base score 4.8 (AV:N, AC:L, PR:H, UI:R, S:C, C:L, I:L, A:N) and v2 base score 3.5 (AV:N, AC:M, Au:S, C:N, I:P, A:N). Exploitation s...