Naviwebs: >> Navigatecms >> 2.9 Security Vulnerabilities
NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration."
CVSS Score
5.4
EPSS Score
0.002
Published
2020-08-26
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-15
Page 2