Navigate
CVE-2015-5499
MEDIUM
Severity by source
AV:N/AC:L/Au:S/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:S/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission.
AnalysisAI
The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-264. The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission. Affected products include: Navigate Project Navigate.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.
Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certai
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today