CVE-2018-20448 – Frog CMS 0.9.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20448
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. Frog CMS version 0.9.5 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/46067 https://github.com/philippe/FrogCMS/issues/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16374
https://notcve.org/view.php?id=CVE-2018-16374
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. • https://github.com/philippe/FrogCMS/issues/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16373
https://notcve.org/view.php?id=CVE-2018-16373
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. • https://github.com/snappyJack/CVE-2018-16373 https://github.com/philippe/FrogCMS/issues/13 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2018-11098
https://notcve.org/view.php?id=CVE-2018-11098
An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912. • https://github.com/philippe/FrogCMS/issues/11 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2018-9992
https://notcve.org/view.php?id=CVE-2018-9992
Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. • https://gist.github.com/priyanksethi/48cce2fc4257213c8aca91e3c82a4ad3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')