CVE-2018-16374
https://notcve.org/view.php?id=CVE-2018-16374
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. Frog CMS 0.9.5 tiene Cross-Site Scripting (XSS) persistente mediante /admin/?/plugin/comment/settings. • https://github.com/philippe/FrogCMS/issues/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-16373
https://notcve.org/view.php?id=CVE-2018-16373
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. Frog CMS 0.9.5 tiene una vulnerabilidad de subida que puede crear archivos mediante /admin/?/plugin/file_manager/save. • https://github.com/snappyJack/CVE-2018-16373 https://github.com/philippe/FrogCMS/issues/13 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2018-11098
https://notcve.org/view.php?id=CVE-2018-11098
An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912. Se ha descubierto un problema en Frog CMS 0.9.5. Existe una vulnerabilidad de subida de archivos mediante el URI admin/? • https://github.com/philippe/FrogCMS/issues/11 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2018-9992
https://notcve.org/view.php?id=CVE-2018-9992
Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. Frog CMS 0.9.5 tiene Cross-Site Scripting (XSS) mediante el campo nombre de un nuevo "File" (archivo) o "Directory" (directorio) en la pantalla admin/?/plugin/file_manager/browse/. • https://gist.github.com/priyanksethi/48cce2fc4257213c8aca91e3c82a4ad3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-9991
https://notcve.org/view.php?id=CVE-2018-9991
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. Frog CMS 0.9.5 tiene Cross-Site Scripting (XSS) mediante los parámetros /admin/?/user/add Name o Username. • https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •