Skip to main content

Navigate Cms CVE-2020-14927

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2020-06-19 cve@mitre.org
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 19, 2020 - 17:15 nvd
MEDIUM 4.8

DescriptionNVD

Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.

AnalysisAI

Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen. Affected products include: Naviwebs Navigate Cms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2018-17552 CRITICAL POC
9.8 Oct 03

SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigat

CVE-2018-17553 HIGH POC
8.8 Oct 03

An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs N

CVE-2021-36455 HIGH POC
8.8 Aug 06

SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comment

CVE-2020-14017 HIGH POC
7.5 Jun 24

An issue was discovered in Navigate CMS 2.9 r1433. Rated high severity (CVSS 7.5), this vulnerability is remotely exploi

CVE-2020-14015 HIGH POC
7.5 Jun 24

An issue was discovered in Navigate CMS 2.9 r1433. Rated high severity (CVSS 7.5), this vulnerability is remotely exploi

CVE-2020-37053 HIGH POC
7.1 Jan 30

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database informat

CVE-2020-14018 MEDIUM POC
6.1 Jun 24

An issue was discovered in Navigate CMS 2.9 r1433. Rated medium severity (CVSS 6.1), this vulnerability is remotely expl

CVE-2021-36454 MEDIUM POC
5.4 Aug 06

Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\b

CVE-2020-14014 MEDIUM POC
5.4 Jun 24

An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. Rated medium severity (CVSS 5.4), this vulnerability is remot

CVE-2018-18029 MEDIUM POC
5.4 Oct 09

Navigate CMS has Stored XSS via the navigate.php Title field in an edit action. Rated medium severity (CVSS 5.4), this v

CVE-2018-17849 MEDIUM POC
5.4 Oct 04

Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScrip

CVE-2020-14016 MEDIUM POC
5.3 Jun 24

An issue was discovered in Navigate CMS 2.9 r1433. Rated medium severity (CVSS 5.3), this vulnerability is remotely expl

Share

CVE-2020-14927 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy