VYPR
Unrated severity · NVD Advisory · Published Jul 26, 2021 · Updated Aug 4, 2024

CVE-2020-23243

Description

Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 via the name="wrong_path_redirect" feature.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Reflected XSS in NavigateCMS 2.9 via wrong_path_redirect allows authenticated attackers to inject arbitrary JavaScript.

Vulnerability

A reflected Cross-Site Scripting (XSS) vulnerability exists in NavigateCMS version 2.9 within the wrong_path_redirect feature. When an authenticated administrator edits a website (via navigate.php?fid=websites&act=edit), the wrong_path_redirect parameter is not properly sanitized, allowing injection of arbitrary HTML and JavaScript. This vulnerability is documented in the project's issue tracker [1].

Exploitation

Exploitation requires the attacker to have administrative access to the NavigateCMS backend. The steps are as follows: log in to the admin panel, navigate to "Web > Web sites", click the edit action on a website, and inject a malicious payload via the wrong_path_redirect parameter. The reference demonstrates using Burp Suite to craft and send the malicious request [1].

Impact

A successful attack allows the attacker to execute arbitrary JavaScript in the context of the victim's browser session. This can lead to theft of session cookies, redirection to malicious sites, or other actions performed under the victim's authenticated session. The impact is limited to authenticated users who are tricked into interacting with the crafted URL.

Mitigation

As of the reference date (July 2021), no official patch has been released by the vendor. Users should consider implementing input validation on the wrong_path_redirect parameter or upgrading to a newer version of NavigateCMS if available. Until a fix is applied, administrators should avoid following untrusted links to the admin panel.
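
One way to implement the input validation suggested above, paired with output encoding when the value is written back into the edit form. This is an added example, not NavigateCMS code: the function names are hypothetical, and it assumes the setting is meant to hold either a site-relative path or an absolute http(s) URL.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the cleaned value, or null if it must be rejected.
// Assumption: wrong_path_redirect holds a site-relative path or an http(s) URL.
function validate_wrong_path_redirect(string $value): ?string
{
    $value = trim($value);
    if ($value === '') {
        return '';   // empty means "no redirect configured"
    }
    // Control characters, whitespace, quotes, angle brackets, backticks and
    // backslashes never belong in a path or URL, and they are what lets a
    // value break out of an HTML attribute.
    if (preg_match('/[\x00-\x20\x7f"\'<>`\\\\]/', $value)) {
        return null;
    }
    if ($value[0] === '/') {
        // Site-relative path; "//host" is protocol-relative, so refuse it.
        return (strlen($value) > 1 && $value[1] === '/') ? null : $value;
    }
    $parts = parse_url($value);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Scheme allowlist: anything other than http/https is refused.
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true) ? $value : null;
}

// Output side: always encode the stored value when rendering the form field,
// so a value that predates the validation still cannot inject markup.
function render_wrong_path_redirect_input(string $stored): string
{
    return '<input type="text" name="wrong_path_redirect" value="'
        . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// Constructed sample inputs (not taken from the referenced issue).
$samples = ['/404', 'https://example.com/missing', '//example.com/x',
            'javascript:void(0)', 'a"b', 'relative/path', ''];
foreach ($samples as $s) {
    $clean = validate_wrong_path_redirect($s);
    printf("%-32s => %s\n", var_export($s, true), $clean === null ? 'REJECTED' : 'accepted');
}
echo render_wrong_path_redirect_input('a"b<c'), "\n";
```

Validation alone is not sufficient if older values are already stored, which is why the rendering function encodes regardless of what the validator accepted.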

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


Patches

0

No patches discovered yet.


References

1
