Navigatecms Security Vulnerabilities and Issues — Navigatecms CVE List

Lucene search

NaviwebsNavigatecms

7 matches found

CVE•added 2021/07/26 9:15 p.m.•42 views

CVE-2020-23242

Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.

4.8CVSS4.9AI score0.0029EPSS

CVE•added 2021/07/26 9:15 p.m.•41 views

CVE-2020-23243

Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.

4.8CVSS4.9AI score0.00212EPSS

CVE•added 2021/07/26 6:15 p.m.•41 views

CVE-2021-37478

In NavigateCMS version 2.9.4 and below, function block is vulnerable to sql injection on parameter block-order, which results in arbitrary sql query execution in the backend database.

9.8CVSS9.6AI score0.00679EPSS

CVE•added 2021/07/26 6:15 p.m.•40 views

CVE-2021-37475

In NavigateCMS version 2.9.4 and below, function in templates.php is vulnerable to sql injection on parameter template-properties-order, which results in arbitrary sql query execution in the backend database.

9.8CVSS9.6AI score0.00679EPSS

CVE•added 2021/07/26 6:15 p.m.•35 views

CVE-2021-37473

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter products-order through a post request, which results in arbitrary sql query execution in the backend database.

9.8CVSS9.6AI score0.00679EPSS

CVE•added 2021/07/26 6:15 p.m.•35 views

CVE-2021-37477

In NavigateCMS version 2.9.4 and below, function in structure.php is vulnerable to sql injection on parameter children_order, which results in arbitrary sql query execution in the backend database.

9.8CVSS9.6AI score0.00679EPSS

CVE•added 2021/07/26 6:15 p.m.•32 views

CVE-2021-37476

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database.

9.8CVSS9.6AI score0.00679EPSS