Frogcms
by Philippe
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20448 | 0.03 | — | 0.00 | Dec 25, 2018 | Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. | |||
| CVE-2018-20776 | 0.00 | — | 0.00 | Feb 11, 2019 | Frog CMS 0.9.5 provides a directory listing for a /public request. | |||
| CVE-2018-20773 | 0.00 | — | 0.01 | Feb 11, 2019 | Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. | |||
| CVE-2018-20772 | 0.00 | — | 0.01 | Feb 11, 2019 | Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. | |||
| CVE-2018-20775 | 0.00 | — | 0.01 | Feb 11, 2019 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | |||
| CVE-2018-20778 | 0.00 | — | 0.00 | Feb 11, 2019 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | |||
| CVE-2018-20774 | 0.00 | — | 0.00 | Feb 11, 2019 | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | |||
| CVE-2019-6243 | 0.00 | — | 0.00 | Jan 12, 2019 | Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). | |||
| CVE-2018-20680 | 0.00 | — | 0.00 | Jan 9, 2019 | Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. | |||
| CVE-2018-16447 | 0.00 | — | 0.00 | Sep 4, 2018 | Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. | |||
| CVE-2018-16374 | 0.00 | — | 0.00 | Sep 3, 2018 | Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. |
- CVE-2018-20448Dec 25, 2018risk 0.03cvss —epss 0.00
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
- CVE-2018-20776Feb 11, 2019risk 0.00cvss —epss 0.00
Frog CMS 0.9.5 provides a directory listing for a /public request.
- CVE-2018-20773Feb 11, 2019risk 0.00cvss —epss 0.01
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.
- CVE-2018-20772Feb 11, 2019risk 0.00cvss —epss 0.01
Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.
- CVE-2018-20775Feb 11, 2019risk 0.00cvss —epss 0.01
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.
- CVE-2018-20778Feb 11, 2019risk 0.00cvss —epss 0.00
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.
- CVE-2018-20774Feb 11, 2019risk 0.00cvss —epss 0.00
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.
- CVE-2019-6243Jan 12, 2019risk 0.00cvss —epss 0.00
Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).
- CVE-2018-20680Jan 9, 2019risk 0.00cvss —epss 0.00
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.
- CVE-2018-16447Sep 4, 2018risk 0.00cvss —epss 0.00
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.
- CVE-2018-16374Sep 3, 2018risk 0.00cvss —epss 0.00
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.