
CVE-2018-16373
https://notcve.org/view.php?id=CVE-2018-16373
03 Sep 2018 — Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. • https://github.com/snappyJack/CVE-2018-16373 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2018-16374
https://notcve.org/view.php?id=CVE-2018-16374
03 Sep 2018 — Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. • https://github.com/philippe/FrogCMS/issues/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-11098
https://notcve.org/view.php?id=CVE-2018-11098
15 May 2018 — An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912. • https://github.com/philippe/FrogCMS/issues/11 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2018-9991
https://notcve.org/view.php?id=CVE-2018-9991
11 Apr 2018 — Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. • https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-9992
https://notcve.org/view.php?id=CVE-2018-9992
11 Apr 2018 — Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. • https://gist.github.com/priyanksethi/48cce2fc4257213c8aca91e3c82a4ad3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-8908 – Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
https://notcve.org/view.php?id=CVE-2018-8908
31 Mar 2018 — An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests. • https://packetstorm.news/files/id/146981 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-4912 – Frog CMS 0.9.5 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-4912
22 Mar 2018 — An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. • https://www.exploit-db.com/exploits/33983 • CWE-434: Unrestricted Upload of File with Dangerous Type