CVE-2021-36454

Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backupsbackups.php, 2) blocksblocks.php, 3) brandsbrands.php, 4) commentscomments.php, 5) couponscoupons.php, 6) feedsfeeds.php, 7) functionsfunctions.php, 8) itemsitems.php, 9) menusmenus.php, 10) ordersorders.php, 11) payment_methodspayment_methods.php, 12) productsproducts.php, 13) profilesprofiles.php, 14) shipping_methodsshipping_methods.php, 15) templatestemplates.php, 16) usersusers.php, 17) webdictionarywebdictionary.php, 18) websiteswebsites.php, and 19) webuserswebusers.php because the initial_url function is built in these files.

Source: CVE-2021-36454