Known Vulnerabilities for products from Frog Cms Project
Listed below are 18 of the newest known vulnerabilities associated with the vendor "Frog Cms Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2019-1010235 | Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to... | 5.4 - MEDIUM | 2019-07-22 | 2019-07-23 |
| CVE-2019-6243 | Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI). | 6.1 - MEDIUM | 2019-01-12 | 2019-01-16 |
| CVE-2018-20778 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG elem... | 6.1 - MEDIUM | 2019-02-11 | 2019-02-11 |
| CVE-2018-20777 | Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. | 5.4 - MEDIUM | 2019-02-11 | 2019-02-11 |
| CVE-2018-20776 | Frog CMS 0.9.5 provides a directory listing for a /public request. | 7.5 - HIGH | 2019-02-11 | 2019-02-11 |
| CVE-2018-20775 | admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and ... | 7.2 - HIGH | 2019-02-11 | 2019-02-11 |
| CVE-2018-20774 | Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | 5.4 - MEDIUM | 2019-02-11 | 2019-02-11 |
| CVE-2018-20773 | Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional | 7.2 - HIGH | 2019-02-11 | 2019-02-11 |
| CVE-2018-20772 | Frog CMS 0.9.5 allows PHP code execution via | 7.2 - HIGH | 2019-02-11 | 2019-02-11 |
| CVE-2018-20680 | Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. | 4.8 - MEDIUM | 2019-01-09 | 2019-01-11 |
| CVE-2018-20448 | Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. | 5.4 - MEDIUM | 2018-12-25 | 2019-03-04 |
| CVE-2018-16374 | Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. | 4.8 - MEDIUM | 2018-09-03 | 2018-10-24 |
| CVE-2018-16373 | Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. | 4.9 - MEDIUM | 2018-09-03 | 2018-10-25 |
| CVE-2018-11098 | An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload UR... | 7.2 - HIGH | 2018-05-15 | 2018-06-19 |
| CVE-2018-9992 | Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. | 4.8 - MEDIUM | 2018-04-11 | 2018-05-11 |
| CVE-2018-9991 | Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. | 4.8 - MEDIUM | 2018-04-11 | 2018-05-11 |
| CVE-2018-8908 | An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A... | 8.8 - HIGH | 2018-03-31 | 2018-05-09 |
| CVE-2014-4912 | An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation. | 9.8 - CRITICAL | 2018-03-22 | 2018-04-18 |
Known software with vulnerabilities from Frog Cms Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Frog Cms Project | Frog Cms | 0.9.5 |