CVE-2020-14018

Name of the Vulnerable Software and Affected Versions Navigate CMS version 2.9 r1433

Description The issue is related to a stored XSS that is executed on the pages for viewing and editing users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is triggered via the E-Mail field, while on the View user page, it is triggered via either the User field or the E-Mail field.

Recommendations For Navigate CMS version 2.9 r1433, as a temporary workaround, consider disabling the editing and viewing of user profiles until a patch is available. Restrict access to the user management module to minimize the risk of exploitation. Avoid using the User and E-Mail fields in the affected pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.