Multiple vulnerabilities in Naviwebs Navigate CMS



Published: 2020-06-19 | Updated: 2020-08-08
Risk Medium
Patch available NO
Number of vulnerabilities 6
CVE-ID CVE-2020-14014
CVE-2020-14015
CVE-2020-14016
CVE-2020-14017
CVE-2020-14018
CVE-2020-14927
CWE-ID CWE-79
CWE-640
CWE-352
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Navigate CMS
Web applications / CMS

Vendor Naviwebs

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Cross-site scripting

EUVDB-ID: #VU34194

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14014

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

An issue was discovered in Navigate CMS 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Navigate CMS: 2.9

External links

http://blog.sean-wright.com/navigate-cms/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Weak Password Recovery Mechanism for Forgotten Password

EUVDB-ID: #VU34195

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14015

CWE-ID: CWE-640 - Weak password recovery mechanism

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue setting a password, even though no activation code was supplied, setting the password for the most recently created user in the system (the user with the highest user id).

Mitigation

Install update from vendor's website.

Vulnerable software versions

Navigate CMS: 2.9

External links

http://blog.sean-wright.com/navigate-cms/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Weak Password Recovery Mechanism for Forgotten Password

EUVDB-ID: #VU34196

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14016

CWE-ID: CWE-640 - Weak password recovery mechanism

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Navigate CMS: 2.9

External links

http://blog.sean-wright.com/navigate-cms/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cross-site request forgery

EUVDB-ID: #VU34197

Risk: Medium

CVSSv3.1: 6.9 [AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14017

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Navigate CMS: 2.9

External links

http://blog.sean-wright.com/navigate-cms/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Cross-site scripting

EUVDB-ID: #VU34198

Risk: Low

CVSSv3.1: 5.6 [AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14018

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Navigate CMS: 2.9

External links

http://blog.sean-wright.com/navigate-cms/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Cross-site scripting

EUVDB-ID: #VU34231

Risk: Low

CVSSv3.1: 4.4 [AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-14927

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Navigate CMS: 2.9

External links

http://github.com/NavigateCMS/Navigate-CMS/issues/19


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###