PT-2020-14065 · Navigate · Navigate Cms
Tranvannam186
·
Published
2020-06-19
·
Updated
2020-06-24
·
CVE-2020-14927
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Navigate CMS version 2.9
Description
The issue allows for XSS attacks through the Alias or Real URL field in the "Web Sites > Create > Aliases > Add" screen.
Recommendations
For Navigate CMS version 2.9, avoid using the Alias or Real URL field in the "Web Sites > Create > Aliases > Add" screen until a fix is available. As a temporary workaround, consider validating and sanitizing all user input for the Alias and Real URL fields to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Navigate Cms