| Identifier | Related Record | Severity | Date Published | Description | Versions Affected |
|---|---|---|---|---|---|
| CVE-2019-6243 | | Medium | Jan 12, 2019 | Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). | 0.9.5 |
| CVE-2018-9992 | BDSA-2018-1143 | Medium | Apr 11, 2018 | Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. | 0.9.5 |
| CVE-2018-9991 | BDSA-2018-1144 | Medium | Apr 11, 2018 | Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. | 0.9.5 |
| CVE-2018-8908 | BDSA-2018-0882 | High | Mar 31, 2018 | An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft ... | 0.9.5 |
| CVE-2018-20778 | | Medium | Feb 11, 2019 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | 0.9.5 |
| CVE-2018-20777 | | Medium | Feb 11, 2019 | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. | 0.9.5 |
| CVE-2018-20776 | | High | Feb 11, 2019 | Frog CMS 0.9.5 provides a directory listing for a /public request. | 0.9.5 |
| CVE-2018-20775 | | High | Feb 11, 2019 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file un ... | 0.9.5 |
| CVE-2018-20774 | | Medium | Feb 11, 2019 | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | 0.9.5 |
| CVE-2018-20773 | | High | Feb 11, 2019 | Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. | 0.9.5 |