header-logo
Suggest Exploit
vendor:
Navigate CMS
by:
Felipe 'Renzi' Gabriel
8.8
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Navigate CMS
Affected Version From: 2.8
Affected Version To: 2.8
Patch Exists: YES
Related CWE: CVE-2018-17255
CPE: 2.8
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2018

Navigate CMS 2.8 – Cross-Site Scripting

A Reflected Cross-Site Scripting web vulnerability has been discovered in the 'Navigate CMS' web-application. The vulnerability is located in the 'fid' parameter of the`navigate.php` action GET method request.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.
Source

Exploit-DB raw data:

# Title: Navigate CMS 2.8 - Cross-Site Scripting 
# Author: Felipe "Renzi" Gabriel
# Date: 2018-09-19
# Vendor: https://www.navigatecms.com/en/home
# Software: Navigate CMS 2.8
# CVE: CVE-2018-17255

# Technical Details & Description:
# A Reflected Cross-Site Scripting web vulnerability has been discovered in the "Navigate CMS" web-application.
# The vulnerability is located in the 'fid' parameter of the`navigate.php` action GET method request.
  
# PoC
  
http://Target/navigate/navigate.php?fid=files"><marquee>RENZI</marquee>

Navigation

Suggest Exploit

Services By CQR