CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9991
https://notcve.org/view.php?id=CVE-2018-9991
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. Frog CMS 0.9.5 tiene Cross-Site Scripting (XSS) mediante los parámetros /admin/?/user/add Name o Username. • https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-8908 – Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
https://notcve.org/view.php?id=CVE-2018-8908
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests. • https://www.exploit-db.com/exploits/44383 http://securitywarrior9.blogspot.in/2018/03/cross-site-request-forgery-frog-cms-cve.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2014-4912 – Frog CMS 0.9.5 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-4912
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. Se ha descubierto un problema de subida de archivos arbitrarios en Frog CMS 0.9.5 debido a la falta de validación de extensión. • https://www.exploit-db.com/exploits/33983 • CWE-434: Unrestricted Upload of File with Dangerous Type •