Lucene search
NaviwebsNavigatecms
5 matches found
CVE-2020-14067
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.
9.8CVSS9.4AI score0.00433EPSS
CVE-2020-23655
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
5.4CVSS5.3AI score0.00206EPSS
CVE-2020-23657
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
5.4CVSS5.3AI score0.00206EPSS
CVE-2020-23654
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."
5.4CVSS5.3AI score0.00206EPSS
CVE-2020-23656
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content."
5.4CVSS5.3AI score0.00206EPSS