{ "schema_version": "1.4.0", "id": "GHSA-gh7r-jpw7-q393", "modified": "2022-05-24T19:10:17Z", "published": "2022-05-24T19:10:17Z", "aliases": [ "CVE-2021-36454" ], "details": "Cross-site scripting (XSS) vulnerability in Naviwebs Navigate CMS 2.9 via the navigate-quickse parameter to 1) backups\\backups.php, 2) blocks\\blocks.php, 3) brands\\brands.php, 4) comments\\comments.php, 5) coupons\\coupons.php, 6) feeds\\feeds.php, 7) functions\\functions.php, 8) items\\items.php, 9) menus\\menus.php, 10) orders\\orders.php, 11) payment_methods\\payment_methods.php, 12) products\\products.php, 13) profiles\\profiles.php, 14) shipping_methods\\shipping_methods.php, 15) templates\\templates.php, 16) users\\users.php, 17) webdictionary\\webdictionary.php, 18) websites\\websites.php, and 19) webusers\\webusers.php because the initial_url function is built in these files.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36454" }, { "type": "WEB", "url": "https://github.com/NavigateCMS/Navigate-CMS/issues/24" }, { "type": "WEB", "url": "https://www.navigatecms.com/en/blog/development/navigate_cms_update_2_9_4" } ], "database_specific": { "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2021-08-06T16:15:00Z" } }