Vulnerabilities (CVE)

Filtered by vendor Navigate Project Subscribe
Filtered by product Navigate
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5500 1 Navigate Project 1 Navigate 2024-02-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5499 1 Navigate Project 1 Navigate 2024-02-04 4.0 MEDIUM N/A
The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission.