jvndb-2021-002282
Vulnerability from jvndb
Published
2021-08-20 14:25
Modified
2021-08-20 14:25
Severity ?
Summary
Multiple vulnerabilities in Navigate CMS
Details
Navigate CMS is an open source Contents Management System (CMS) provided by Naviwebs S.C.
Navigate CMS contains multiple vulnerabilities listed below.
* Reflected cross-site scripting in the Help feature (CWE-79)
* Reflected cross-site scripting (CWE-79) - CVE-2021-36454
* SQL injection (CWE-89) - CVE-2021-36455
Duong Xuan Hiep (Hydrasky) of VNCERT/CC reported these vulnerabilities to the developer and coordinated on his own.
After coordination was completed, this case was reported to JPCERT/CC in order to notify users of the solutions via JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Naviwebs S.C. | Navigate CMS |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002282.html",
"dc:date": "2021-08-20T14:25+09:00",
"dcterms:issued": "2021-08-20T14:25+09:00",
"dcterms:modified": "2021-08-20T14:25+09:00",
"description": "Navigate CMS is an open source Contents Management System (CMS) provided by Naviwebs S.C.\r\nNavigate CMS contains multiple vulnerabilities listed below.\r\n\r\n * Reflected cross-site scripting in the Help feature (CWE-79)\r\n * Reflected cross-site scripting (CWE-79) - CVE-2021-36454\r\n * SQL injection (CWE-89) - CVE-2021-36455\r\n\r\nDuong Xuan Hiep (Hydrasky) of VNCERT/CC reported these vulnerabilities to the developer and coordinated on his own.\r\nAfter coordination was completed, this case was reported to JPCERT/CC in order to notify users of the solutions via JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-002282.html",
"sec:cpe": {
"#text": "cpe:/a:naviwebs:navigate_cms",
"@product": "Navigate CMS",
"@vendor": "Naviwebs S.C.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-002282",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU95261759/index.html",
"@id": "JVNVU#95261759",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36454",
"@id": "CVE-2021-36454",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36455",
"@id": "CVE-2021-36455",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-36454",
"@id": "CVE-2021-36454",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-36455",
"@id": "CVE-2021-36455",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Multiple vulnerabilities in Navigate CMS"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.