Known Vulnerabilities for products from Naviwebs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Naviwebs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
|CVE||Shortened Description||Severity||Publish Date||Last Modified|
|CVE-2021-37478||In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which res...||9.8 - CRITICAL||2021-07-26||2021-08-03|
|CVE-2021-37477||In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_ord...||9.8 - CRITICAL||2021-07-26||2021-07-28|
|CVE-2021-37476||In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a ...||9.8 - CRITICAL||2021-07-26||2021-07-28|
|CVE-2021-37475||In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-pro...||9.8 - CRITICAL||2021-07-26||2021-07-28|
|CVE-2021-37473||In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order...||9.8 - CRITICAL||2021-07-26||2021-07-28|
|CVE-2021-36455||SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php...||8.8 - HIGH||2021-08-06||2021-08-13|
|CVE-2021-36454||Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backup...||5.4 - MEDIUM||2021-08-06||2021-08-12|
|CVE-2020-23711||SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.||9.8 - CRITICAL||2021-06-28||2021-07-01|
|CVE-2020-23657||NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."||5.4 - MEDIUM||2020-08-26||2020-08-26|
|CVE-2020-23656||NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content."||5.4 - MEDIUM||2020-08-26||2020-08-26|
|CVE-2020-23655||NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."||5.4 - MEDIUM||2020-08-26||2020-08-26|
|CVE-2020-23654||NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop."||5.4 - MEDIUM||2020-08-26||2020-08-26|
|CVE-2020-23243||Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.||4.8 - MEDIUM||2021-07-26||2021-07-30|
|CVE-2020-23242||Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.||4.8 - MEDIUM||2021-07-26||2021-07-30|
|CVE-2020-14927||Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.||4.8 - MEDIUM||2020-06-19||2020-06-24|
|CVE-2020-14067||The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ...||9.8 - CRITICAL||2020-06-15||2020-06-17|
|CVE-2020-14018||An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view u...||6.1 - MEDIUM||2020-06-24||2020-06-29|
|CVE-2020-14017||An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are store...||7.5 - HIGH||2020-06-24||2020-06-29|
|CVE-2020-14016||An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using...||5.3 - MEDIUM||2020-06-24||2020-06-29|
|CVE-2020-14015||An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code tha...||7.5 - HIGH||2020-06-24||2020-06-29|
Known software with vulnerabilities from Naviwebs
Popular searches for "Naviwebs"
Naviwebs SC Naviwebs 6 4 2 SC is on Facebook. Join Facebook to connect with Naviwebs v t r SC and others you may know. Facebook gives people the power to share and makes the world more open and connected.Province of Girona Sant Celoni Girona Hostalric Empuriabrava Celrà Xuixo Empordà Bescanó Gerard Deulofeu CE Premià Province of Castellón Spain Gelida Sant Martí (district) Capellades Olot Capellades Paper Mill Museum Catalonia Marta Xargay