Frogcms
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4912 | Cri | 0.67 | 9.8 | 0.09 | Mar 22, 2018 | An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. | ||
| CVE-2018-16447 | Hig | 0.57 | 8.8 | 0.01 | Sep 4, 2018 | Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. | ||
| CVE-2018-20776 | Hig | 0.49 | 7.5 | 0.02 | Feb 11, 2019 | Frog CMS 0.9.5 provides a directory listing for a /public request. | ||
| CVE-2018-20775 | Hig | 0.47 | 7.2 | 0.02 | Feb 11, 2019 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | ||
| CVE-2018-20773 | Hig | 0.47 | 7.2 | 0.02 | Feb 11, 2019 | Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. | ||
| CVE-2018-20772 | Hig | 0.47 | 7.2 | 0.02 | Feb 11, 2019 | Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. | ||
| CVE-2018-11098 | Hig | 0.47 | 7.2 | 0.01 | May 15, 2018 | An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912. | ||
| CVE-2018-20778 | Med | 0.40 | 6.1 | 0.01 | Feb 11, 2019 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | ||
| CVE-2019-6243 | Med | 0.40 | 6.1 | 0.01 | Jan 12, 2019 | Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). | ||
| CVE-2018-20448 | Med | 0.38 | 5.4 | 0.02 | Dec 25, 2018 | Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. | ||
| CVE-2018-20774 | Med | 0.35 | 5.4 | 0.01 | Feb 11, 2019 | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | ||
| CVE-2018-10806 | Med | 0.35 | 5.4 | 0.00 | May 8, 2018 | An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF. | ||
| CVE-2018-10321 | Med | 0.34 | 4.8 | 0.02 | Apr 24, 2018 | Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings. | ||
| CVE-2018-16373 | Med | 0.32 | 4.9 | 0.01 | Sep 3, 2018 | Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. | ||
| CVE-2018-20680 | Med | 0.31 | 4.8 | 0.01 | Jan 9, 2019 | Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. | ||
| CVE-2018-19844 | Med | 0.31 | 4.8 | 0.01 | Dec 31, 2018 | FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. | ||
| CVE-2018-16374 | Med | 0.31 | 4.8 | 0.01 | Sep 3, 2018 | Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. | ||
| CVE-2018-10570 | Med | 0.31 | 4.8 | 0.01 | Apr 30, 2018 | Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. | ||
| CVE-2018-10320 | Med | 0.31 | 4.8 | 0.01 | Apr 24, 2018 | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout. | ||
| CVE-2018-10319 | Med | 0.31 | 4.8 | 0.01 | Apr 24, 2018 | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet. |
- risk 0.67cvss 9.8epss 0.09
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.
- risk 0.57cvss 8.8epss 0.01
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF.
- risk 0.49cvss 7.5epss 0.02
Frog CMS 0.9.5 provides a directory listing for a /public request.
- risk 0.47cvss 7.2epss 0.02
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI.
- risk 0.47cvss 7.2epss 0.02
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.
- risk 0.47cvss 7.2epss 0.02
Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI.
- risk 0.47cvss 7.2epss 0.01
An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.
- risk 0.40cvss 6.1epss 0.01
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.
- risk 0.40cvss 6.1epss 0.01
Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).
- risk 0.38cvss 5.4epss 0.02
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
- risk 0.35cvss 5.4epss 0.01
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.
- risk 0.35cvss 5.4epss 0.00
An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.
- risk 0.34cvss 4.8epss 0.02
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.
- risk 0.32cvss 4.9epss 0.01
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.
- risk 0.31cvss 4.8epss 0.01
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.
- risk 0.31cvss 4.8epss 0.01
FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.
- risk 0.31cvss 4.8epss 0.01
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.
- risk 0.31cvss 4.8epss 0.01
Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field.
- risk 0.31cvss 4.8epss 0.01
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.
- risk 0.31cvss 4.8epss 0.01
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.
Page 1 of 2