Known Vulnerabilities for products from Naviwebs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Naviwebs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-37478 | In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which res... | 9.8 - CRITICAL | 2021-07-26 | 2021-08-03 |
| CVE-2021-37477 | In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_ord... | 9.8 - CRITICAL | 2021-07-26 | 2021-07-28 |
| CVE-2021-37476 | In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a ... | 9.8 - CRITICAL | 2021-07-26 | 2021-07-28 |
| CVE-2021-37475 | In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-pro... | 9.8 - CRITICAL | 2021-07-26 | 2021-07-28 |
| CVE-2021-37473 | In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order... | 9.8 - CRITICAL | 2021-07-26 | 2021-07-28 |
| CVE-2021-36455 | SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php... | 8.8 - HIGH | 2021-08-06 | 2021-08-13 |
| CVE-2021-36454 | Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backup... | 5.4 - MEDIUM | 2021-08-06 | 2021-08-12 |
| CVE-2020-23711 | SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php. | 9.8 - CRITICAL | 2021-06-28 | 2021-07-01 |
| CVE-2020-23657 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." | 5.4 - MEDIUM | 2020-08-26 | 2020-08-26 |
| CVE-2020-23656 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content." | 5.4 - MEDIUM | 2020-08-26 | 2020-08-26 |
| CVE-2020-23655 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." | 5.4 - MEDIUM | 2020-08-26 | 2020-08-26 |
| CVE-2020-23654 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop." | 5.4 - MEDIUM | 2020-08-26 | 2020-08-26 |
| CVE-2020-23243 | Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature. | 4.8 - MEDIUM | 2021-07-26 | 2021-07-30 |
| CVE-2020-23242 | Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature. | 4.8 - MEDIUM | 2021-07-26 | 2021-07-30 |
| CVE-2020-14927 | Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen. | 4.8 - MEDIUM | 2020-06-19 | 2020-06-24 |
| CVE-2020-14067 | The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ... | 9.8 - CRITICAL | 2020-06-15 | 2020-06-17 |
| CVE-2020-14018 | An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view u... | 6.1 - MEDIUM | 2020-06-24 | 2020-06-29 |
| CVE-2020-14017 | An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are store... | 7.5 - HIGH | 2020-06-24 | 2020-06-29 |
| CVE-2020-14016 | An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using... | 5.3 - MEDIUM | 2020-06-24 | 2020-06-29 |
| CVE-2020-14015 | An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code tha... | 7.5 - HIGH | 2020-06-24 | 2020-06-29 |
Known software with vulnerabilities from Naviwebs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Naviwebs | Navigate Cms | - |
| Application | Naviwebs | Navigatecms | 2.9 |
Popular searches for "Naviwebs"
Naviwebs - the creators of Navigate CMS
www.naviwebs.comNaviwebs - the creators of Navigate CMS We provide technical support, custom developments and other professional services. Althought Navigate CMS has its own community, sometimes you need a quick and professional response to help you on your projects. ; OUR SERVICES Install support We can install Navigate CMS in your server and leave it ready for you to create your new website. We can even install it for you!
Content management system Technical support Installation (computer programs) Website Professional services Server (computing) Web service Subscription business model Email Issue tracking system HTML Application software Direct Client-to-Client Web hosting service Internet hosting service Software Design Theme (computing) Type system Privacy policy
Naviwebs SC
www.facebook.com/naviwebsNaviwebs SC Naviwebs 6 4 2 SC is on Facebook. Join Facebook to connect with Naviwebs v t r SC and others you may know. Facebook gives people the power to share and makes the world more open and connected.
Province of Girona Sant Celoni Girona Hostalric Empuriabrava Celrà Xuixo Empordà Bescanó Gerard Deulofeu CE Premià Province of Castellón Spain Gelida Sant Martí (district) Capellades Olot Capellades Paper Mill Museum Catalonia Marta Xargay