Naviwebs CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (34 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-37054	1 Naviwebs	1 Navigate Cms	2026-02-03	4.3 Medium
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.
CVE-2020-37053	1 Naviwebs	1 Navigate Cms	2026-02-03	7.1 High
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.
CVE-2022-28117	1 Naviwebs	1 Navigate Cms	2024-11-21	4.9 Medium
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
CVE-2021-44351	1 Naviwebs	1 Navigate Cms	2024-11-21	7.5 High
An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.
CVE-2021-44299	1 Naviwebs	1 Navigate Cms	2024-11-21	5.4 Medium
A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2021-37478	1 Naviwebs	1 Navigatecms	2024-11-21	9.8 Critical
In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database.
CVE-2021-37477	1 Naviwebs	1 Navigatecms	2024-11-21	9.8 Critical
In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database.
CVE-2021-37476	1 Naviwebs	1 Navigatecms	2024-11-21	9.8 Critical
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database.
CVE-2021-37475	1 Naviwebs	1 Navigatecms	2024-11-21	9.8 Critical
In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database.
CVE-2021-37473	1 Naviwebs	1 Navigatecms	2024-11-21	9.8 Critical
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database.
CVE-2021-36455	1 Naviwebs	1 Navigate Cms	2024-11-21	8.8 High
SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.
CVE-2021-36454	1 Naviwebs	1 Navigate Cms	2024-11-21	5.4 Medium
Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8) items\items.php, 9) menus\menus.php, 10) orders\orders.php, 11) payment_methods\payment_methods.php, 12) products\products.php, 13) profiles\profiles.php, 14) shipping_methods\shipping_methods.php, 15) templates\templates.php, 16) users\users.php, 17) webdictionary\webdictionary.php, 18) websites\websites.php, and 19) webusers\webusers.php because the initial_url function is built in these files.
CVE-2020-23711	1 Naviwebs	1 Navigate Cms	2024-11-21	9.8 Critical
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.
CVE-2020-23657	1 Naviwebs	1 Navigatecms	2024-11-21	5.4 Medium
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
CVE-2020-23656	1 Naviwebs	1 Navigatecms	2024-11-21	5.4 Medium
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content."
CVE-2020-23655	1 Naviwebs	1 Navigatecms	2024-11-21	5.4 Medium
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
CVE-2020-23654	1 Naviwebs	1 Navigatecms	2024-11-21	5.4 Medium
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."
CVE-2020-23243	1 Naviwebs	1 Navigatecms	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.
CVE-2020-23242	1 Naviwebs	1 Navigatecms	2024-11-21	4.8 Medium
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
CVE-2020-14927	1 Naviwebs	1 Navigate Cms	2024-11-21	4.8 Medium
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.

Page 1 of 2. next last »