MEDIUM
Navigate
CVE published 2026-04-21
CVE-2026-3317
A reflected Cross-Site Scripting (XSS) vulnerability exists in Navigate Content Management System. The flaw resides in the `/blog` endpoint where user-supplied input via query parameters is not properly sanitized, leading to unsafe HTML rendering. A remote attacker can exploit this to execute arbitrary JavaScript in a victim's browser. The vulnerability was published on 2026-04-21 and last modified on 202 [truncated]