CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Apr 2018 — Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. • https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Apr 2018 — Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. • https://gist.github.com/priyanksethi/48cce2fc4257213c8aca91e3c82a4ad3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

31 Mar 2018 — An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests. • https://packetstorm.news/files/id/146981 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 8% • CPEs: 1 • EXPL: 1

22 Mar 2018 — An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. • https://www.exploit-db.com/exploits/33983 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 1

18 Mar 2018 — joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/admin_vod.php?action=add. • https://github.com/joyplus/joyplus-cms/issues/421 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Mar 2018 — joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter. • https://github.com/joyplus/joyplus-cms/issues/420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Mar 2018 — joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator account via a manager/admin_ajax.php?action=save&tab={pre}manager request. • https://github.com/joyplus/joyplus-cms/issues/419 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Feb 2018 — Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name). Yab Quarx versions 2.4.3 and below suffer from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/146496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

24 Jan 2018 — Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. Photography CMS version 1.0 suffers from a cross site request forgery vulnerability. • https://packetstorm.news/files/id/146055 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 2

13 Dec 2017 — CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. • https://www.exploit-db.com/exploits/43272 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')