First published: Thu Oct 04 2018(Updated: )
Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Naviwebs Navigate CMS | =2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-17849 is a vulnerability in Navigate CMS 2.8 that allows for Stored XSS attacks.
CVE-2018-17849 occurs when an attacker submits a multipart/form-data JavaScript payload through the navigate_upload.php file upload feature in Navigate CMS 2.8.
CVE-2018-17849 has a severity rating of medium with a CVSS score of 5.4.
Navigate CMS version 2.8 is affected by CVE-2018-17849.
A patch or update provided by Naviwebs is required to fix CVE-2018-17849 in Navigate CMS 2.8.