Frog CMS

Settings | Report Duplicate

5

I Use This!

Inactive

Analyzed 1 day ago. based on code collected 1 day ago.

Security

Vulnerabilities per Version

Learn more about BDSAs

Major Versions

click and drag to zoom

Security Vulnerabilities for Version:

Severities:

Type

Identifier	Related Record	Severity	Date Published	Description	Versions Affected
CVE-2019-6243		Medium	Jan 12, 2019	Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).	0.9.5
CVE-2018-9992	BDSA-2018-1143	Medium	Apr 11, 2018	Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen.	0.9.5
CVE-2018-9991	BDSA-2018-1144	Medium	Apr 11, 2018	Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.	0.9.5
CVE-2018-8908	BDSA-2018-0882	High	Mar 31, 2018	An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft more...	0.9.5
CVE-2018-20778		Medium	Feb 11, 2019	admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.	0.9.5
CVE-2018-20777		Medium	Feb 11, 2019	Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.	0.9.5
CVE-2018-20776		High	Feb 11, 2019	Frog CMS 0.9.5 provides a directory listing for a /public request.	0.9.5
CVE-2018-20775		High	Feb 11, 2019	admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file un more...	0.9.5
CVE-2018-20774		Medium	Feb 11, 2019	Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.	0.9.5
CVE-2018-20773		High	Feb 11, 2019	Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines.	0.9.5

←
1
2
→