First published: Wed Jun 03 2020(Updated: )
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Naviwebs Navigate CMS | <=2.8.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-13797 is a vulnerability in Navigate CMS through 2.8.7 that allows for XSS attacks due to a lack of purify calls in lib/packages/websites/website.class.php.
CVE-2020-13797 has a severity rating of 6.1, which is considered medium.
CVE-2020-13797 affects Navigate CMS version 2.8.7 and below.
The Common Weakness Enumeration (CWE) associated with CVE-2020-13797 is CWE-79, which relates to improper neutralization of input during web page generation ('Cross-site Scripting').
Yes, a fix for CVE-2020-13797 is available in the commit e690bb5d7bbe9df9052b13c403ca0ac5e58054d4 on the Navigate CMS GitHub repository.