Virus and Security Alerts

CVE-2020-23242 (navigatecms)

2021-07-26 21:15:16
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
National Vulnerability Database
CVE-2020-23240 (cms_made_simple)

2021-07-26 21:15:16
Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
National Vulnerability Database
CVE-2020-23243 (navigatecms)

2021-07-26 21:15:16
Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.
National Vulnerability Database
CVE-2020-23241 (cms_made_simple)

2021-07-26 21:15:16
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.
National Vulnerability Database
CVE-2020-23234 (lavalite)

2021-07-26 20:15:08
Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,".
National Vulnerability Database
CVE-2020-23239 (textpattern)

2021-07-26 20:15:08
Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature.
National Vulnerability Database
CVE-2020-23238 (evolution_cms)

2021-07-26 20:15:08
Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature.
National Vulnerability Database
CVE-2021-37475 (navigatecms)

2021-07-26 18:15:08
In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database.
National Vulnerability Database
CVE-2021-37473 (navigatecms)

2021-07-26 18:15:08
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database.
National Vulnerability Database
CVE-2021-37477 (navigatecms)

2021-07-26 18:15:08
In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database.
National Vulnerability Database
CVE-2021-37476 (navigatecms)

2021-07-26 18:15:08
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database.
National Vulnerability Database