Navigatecms
by Navigatecms
Source repositories
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-23654 | 0.00 | — | 0.01 | Aug 26, 2020 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop." | |||
| CVE-2020-14018 | 0.00 | — | 0.01 | Jun 24, 2020 | An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the… | |||
| CVE-2020-14016 | 0.00 | — | 0.02 | Jun 24, 2020 | An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or… | |||
| CVE-2020-14927 | 0.00 | — | 0.01 | Jun 19, 2020 | Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen. | |||
| CVE-2020-14067 | 0.00 | — | 0.01 | Jun 15, 2020 | The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. | |||
| CVE-2020-13795 | 0.00 | — | 0.02 | Jun 3, 2020 | An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings. | |||
| CVE-2020-13796 | 0.00 | — | 0.01 | Jun 3, 2020 | An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php. | |||
| CVE-2020-13797 | 0.00 | — | 0.01 | Jun 3, 2020 | An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php. | |||
| CVE-2020-13798 | 0.00 | — | 0.01 | Jun 3, 2020 | An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php. |
- CVE-2020-23654Aug 26, 2020risk 0.00cvss —epss 0.01
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."
- CVE-2020-14018Jun 24, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the…
- CVE-2020-14016Jun 24, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or…
- CVE-2020-14927Jun 19, 2020risk 0.00cvss —epss 0.01
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.
- CVE-2020-14067Jun 15, 2020risk 0.00cvss —epss 0.01
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.
- CVE-2020-13795Jun 3, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.
- CVE-2020-13796Jun 3, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php.
- CVE-2020-13797Jun 3, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php.
- CVE-2020-13798Jun 3, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
Page 2 of 2