CVE Tools

naviwebs

Web & CMS Pluginscommercial

26

Cumulative CVEs

4

Monthly snapshots

#52

Peak rank

Top products

navigatecms7 navigate cms1

Latest CVEs

The 15 most recently published vulnerabilities affecting naviwebs.

CVE-2020-37054Navigate CMS 2.8.7 - Cross-Site Request Forgery4.3Jan 30, 2026
CVE-2020-37053Navigate CMS 2.8.7 - ''sidx' SQL Injection7.1Jan 30, 2026
CVE-2022-28117A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the...4.9Apr 28, 2022
CVE-2021-44299A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted ...5.4Jan 19, 2022
CVE-2021-44351An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.7.5Jan 6, 2022
CVE-2021-36455SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quicksearch parameter in \lib\packages\comments\comments.php.8.8Aug 6, 2021
CVE-2021-36454Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\backups.php, 2) blocks\blocks.php, 3) brands\brands.php, 4) comments\comments....5.4Aug 6, 2021
CVE-2020-23243Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.4.8Jul 26, 2021
CVE-2020-23242Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.4.8Jul 26, 2021
CVE-2021-37478In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database.9.8Jul 26, 2021
CVE-2021-37477In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend datab...9.8Jul 26, 2021
CVE-2021-37476In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the back...9.8Jul 26, 2021
CVE-2021-37475In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the ba...9.8Jul 26, 2021
CVE-2021-37473In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution...9.8Jul 26, 2021
CVE-2020-23711SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php.9.8Jun 28, 2021