Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
| --- | --- | --- | --- | --- | --- |
|  | 2 | 34 | 0 | 52.6% | CRITICAL |

Related CVEs

34
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-37054 | Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation. | MEDIUM | 5.1 |  | 10.3% | Jan 30, 2026 |
| CVE-2020-37053 | Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts. | HIGH | 7.1 |  | 25.6% | Jan 30, 2026 |
| CVE-2022-28117 | A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. | MEDIUM | 4.9 |  |  | Apr 28, 2022 |
| CVE-2021-44299 | A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | MEDIUM | 5.4 |  |  | Jan 19, 2022 |
| CVE-2021-44351 | An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter. | HIGH | 7.5 |  |  | Jan 6, 2022 |
| CVE-2021-36455 | SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php. | HIGH | 8.8 |  |  | Aug 6, 2021 |
| CVE-2021-36454 | Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments.php, 5) coupons\coupons.php, 6) feeds\feeds.php, 7) functions\functions.php, 8) items\items.php, 9) menus\menus.php, 10) orders\orders.php, 11) payment_methods\payment_methods.php, 12) products\products.php, 13) profiles\profiles.php, 14) shipping_methods\shipping_methods.php, 15) templates\templates.php, 16) users\users.php, 17) webdictionary\webdictionary.php, 18) websites\websites.php, and 19) webusers\webusers.php because the initial_url function is built in these files. | MEDIUM | 5.4 |  |  | Aug 6, 2021 |
| CVE-2020-23243 | Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature. | MEDIUM | 4.8 |  | 40.6% | Jul 26, 2021 |
| CVE-2020-23242 | Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature. | MEDIUM | 4.8 |  | 40.6% | Jul 26, 2021 |
| CVE-2021-37478 | In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database. | CRITICAL | 9.8 |  |  | Jul 26, 2021 |
| CVE-2021-37477 | In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database. | CRITICAL | 9.8 |  |  | Jul 26, 2021 |
| CVE-2021-37476 | In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database. | CRITICAL | 9.8 |  |  | Jul 26, 2021 |
| CVE-2021-37475 | In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database. | CRITICAL | 9.8 |  |  | Jul 26, 2021 |
| CVE-2021-37473 | In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database. | CRITICAL | 9.8 |  |  | Jul 26, 2021 |
| CVE-2020-23711 | SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php. | CRITICAL | 9.8 |  | 70.4% | Jun 28, 2021 |
| CVE-2020-23657 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." | MEDIUM | 5.4 |  | 40.8% | Aug 26, 2020 |
| CVE-2020-23656 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content." | MEDIUM | 5.4 |  | 40.8% | Aug 26, 2020 |
| CVE-2020-23655 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." | MEDIUM | 5.4 |  | 41.6% | Aug 26, 2020 |
| CVE-2020-23654 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop." | MEDIUM | 5.4 |  | 40.8% | Aug 26, 2020 |
| CVE-2020-14018 | An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field; however, on the View user page the XSS is triggered via either the User field or the E-Mail field. | MEDIUM | 6.1 |  | 56.3% | Jun 24, 2020 |