πŸ” CVE Alert

CVE-2026-3317

UNKNOWN 0.0

Reflected Cross-Site Scripting in Navigate CMS application

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker to execute JavaScript code in the victim's browser.

CWE CWE-79
Vendor navigate
Product navigate cms
Published Apr 21, 2026
Stay Ahead of the Next One

Get instant alerts for navigate navigate cms

Be the first to know when new unknown vulnerabilities affecting navigate navigate cms are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Navigate / Navigate CMS
0 ≀ 2.9.5

References

NVD β†— CVE.org β†— EPSS Data β†—
incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-navigate-cms-application

Credits

Gonzalo Aguilar GarcΓ­a (6h4ack)