CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 1CVE-2018-20775
https://notcve.org/view.php?id=CVE-2018-20775
11 Feb 2019 — admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. admin/?/plugin/file_manager en Frog CMS 0.9.5 permite la ejecución de código PHP creando un nuevo archivo .php que contiene código PHP y visitando dicho archivo bajo el URI public/. • https://github.com/philippe/FrogCMS/issues/27 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20776
https://notcve.org/view.php?id=CVE-2018-20776
11 Feb 2019 — Frog CMS 0.9.5 provides a directory listing for a /public request. Frog CMS 0.9.5 proporciona una lista de directorios para una petición /public. • https://github.com/philippe/FrogCMS/issues/21 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20777
https://notcve.org/view.php?id=CVE-2018-20777
11 Feb 2019 — Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. Frog CMS 0.9.5 tiene Cross-Site Scripting (XSS) mediante el campo Body en admin/?/snippet/edit/1. • https://github.com/philippe/FrogCMS/issues/25 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20778
https://notcve.org/view.php?id=CVE-2018-20778
11 Feb 2019 — admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. admin/?/plugin/file_manager en Frog CMS 0.9.5 permiten Cross-Site Scripting (XSS) creando un nuevo archivo que contiene un atributo manipulado de un elemento IMG. • https://github.com/philippe/FrogCMS/issues/28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6243
https://notcve.org/view.php?id=CVE-2019-6243
12 Jan 2019 — Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). Frog CMS 0.9.5 permite Cross-Site Scripting (XSS) mediante la página de contraseña olvidada (URI /admin/?/login/forgot). • https://somerandomshitwbu.blogspot.com/2019/01/another-xss-on-frog-cms-open-source.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20680
https://notcve.org/view.php?id=CVE-2018-20680
09 Jan 2019 — Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. Frog CMS 0.9.5 tiene Cross-Site Scripting (XSS) en el campo del cuerpo en admin/?/page/edit/1. • https://github.com/philippe/FrogCMS/issues/22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19901
https://notcve.org/view.php?id=CVE-2018-19901
31 Dec 2018 — No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter. La versión 1.1.3 de No-CMS es propenso a Cross-Site Scripting (XSS) persistente mediante el parámetro "article title" en blog/manage_article/index/. • https://github.com/security-breachlock/CVE-2018-19901/blob/master/XSS-1.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19902
https://notcve.org/view.php?id=CVE-2018-19902
31 Dec 2018 — No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter. La versión 1.1.3 de No-CMS es propenso a Cross-Site Scripting (XSS) persistente mediante el parámetro "keyword" en blog/manage_article. • https://github.com/security-breachlock/CVE-2018-19902/blob/master/XSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2018-20448 – Frog CMS 0.9.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20448
25 Dec 2018 — Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. Frog CMS 0.9.5 tiene Cross-Site Scripting (XSS) mediante el nombre del campo Database en el URI /install/index.php. Frog CMS version 0.9.5 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/150989 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18939
https://notcve.org/view.php?id=CVE-2018-18939
05 Nov 2018 — An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. Se ha descubierto un problema en WUZHI CMS 4.1.0. Hay Cross-Site Scripting (XSS) persistente en index.php? • https://github.com/wuzhicms/wuzhicms/issues/159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •