Reflected Cross-Site Scripting Vulnerability in Navigate Content Management System
CVE-2026-3317

5.1MEDIUM

Key Information:

Vendor

Navigate

Status
Navigate Cms
Vendor
CVE Published:
21 April 2026

What is CVE-2026-3317?

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Navigate Content Management System. This flaw is found in the '/blog' endpoint, where user input is inadequately sanitized through specific query parameters. As a result, attackers may exploit this weakness to inject malicious scripts, allowing them to run unauthorized JavaScript code within the victim's browser. This may lead to various security issues, including data theft and session hijacking. It's essential for users of Navigate CMS to apply the recommended patches to mitigate this risk.

Affected Version(s)

Navigate CMS 0 <= 2.9.5

Navigate CMS 2.9.6

References

https://www.incibe.es/en/incibe-cert/notices/aviso/reflec...
patch

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Gonzalo Aguilar GarcĂ­a (6h4ack)
.