SB2020061968 - Multiple vulnerabilities in Naviwebs Navigate CMS
Published: June 19, 2020 Updated: August 8, 2020
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2020-14014)
The vulnerability allows a remote authenticated user to read and manipulate data.
An issue was discovered in Navigate CMS 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS.
2) Weak Password Recovery Mechanism for Forgotten Password (CVE-ID: CVE-2020-14015)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue setting a password, even though no activation code was supplied, setting the password for the most recently created user in the system (the user with the highest user id).
3) Weak Password Recovery Mechanism for Forgotten Password (CVE-ID: CVE-2020-14016)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users.
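The checks that guard against the two password-recovery weaknesses described above (CVE-2020-14015 and CVE-2020-14016) are a reset handler that refuses a missing or empty activation code before any lookup, and a forgot-password handler that replies identically for known and unknown accounts. The Python model below is an added example, not Navigate CMS code; the class and method names, the reply text and the 15-minute code lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL = 15 * 60  # seconds a code stays valid (assumed policy)
GENERIC_REPLY = "If the account exists, a reset email has been sent."


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class ResetService:
    """Hypothetical in-memory model; not Navigate CMS code."""
    def __init__(self):
        self.users = {}    # username -> {"email", "salt", "pw"}
        self.pending = {}  # sha256(code) -> (username, expiry)
        self.outbox = []   # (email, code): stands in for sent mail

    def add_user(self, username, email, password):
        salt = secrets.token_bytes(16)
        self.users[username] = {"email": email, "salt": salt, "pw": _kdf(password, salt)}

    def check_password(self, username, password):
        u = self.users[username]
        return hmac.compare_digest(u["pw"], _kdf(password, u["salt"]))

    def forgot_password(self, identifier):
        # Same reply for known and unknown identifiers: no not_found oracle.
        for name, u in self.users.items():
            if identifier in (name, u["email"]):
                code = secrets.token_urlsafe(32)
                digest = hashlib.sha256(code.encode()).hexdigest()
                self.pending[digest] = (name, time.time() + RESET_TTL)
                self.outbox.append((u["email"], code))
                break
        return GENERIC_REPLY

    def reset_password(self, code, new_password):
        # A missing or empty code is refused before any lookup happens.
        if not isinstance(code, str) or not code:
            return False
        digest = hashlib.sha256(code.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # single use
        if entry is None or time.time() > entry[1]:
            return False
        self.add_user(entry[0], self.users[entry[0]]["email"], new_password)
        return True
```

A uniform response body does not hide timing differences on its own; in a real deployment the email would be queued and sent outside the request so both paths take similar time.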
4) Cross-site request forgery (CVE-ID: CVE-2020-14017)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
5) Cross-site scripting (CVE-ID: CVE-2020-14018)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
6) Cross-site scripting (CVE-ID: CVE-2020-14927)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.