Navigate CMS
Reflected cross-site scripting in Navigate CMS allows remote attackers to inject and execute arbitrary JavaScript in victims' browsers via unsanitized query parameters in the /blog endpoint. The vulnerability affects Navigate CMS versions 0 through 2.9.5 and requires user interaction (clicking a malicious link). CVSS 5.1 reflects the limited scope (only session/cookie theft) and mandatory user interaction, though exploitation is straightforward for phishing campaigns.
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. [CVSS 4.3 MEDIUM]
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. [CVSS 7.1 HIGH]