Browse all 4 CVE security advisories affecting Navetti. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Navetti develops procurement software solutions for enterprise resource planning systems. Historically, vulnerabilities in their products have commonly included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and access control issues. While no major public security incidents have been widely documented, the four CVEs recorded to date highlight persistent security concerns around authentication bypass and insecure direct object references. Their applications typically handle sensitive financial data, making robust security controls critical to prevent unauthorized access or system compromise.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2017-20045 | Navetti PricePoint cross-site request forgery — PricePointCWE-352 | 7.3 | High | 2022-06-13 |
| CVE-2017-20044 | Navetti PricePoint Reflected cross site scriting — PricePointCWE-80 | 4.3 | Medium | 2022-06-13 |
| CVE-2017-20043 | Navetti PricePoint Persistent cross site scriting — PricePointCWE-80 | 4.3 | Medium | 2022-06-13 |
| CVE-2017-20042 | Navetti PricePoint Blind sql injection — PricePointCWE-89 | 6.3 | Medium | 2022-06-13 |
This page lists every published CVE security advisory associated with Navetti. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.