Vulnerabilities > Frog CMS Project > Frog CMS

DATE CVE VULNERABILITY TITLE RISK
2018-12-25 CVE-2018-20448 Cross-site Scripting vulnerability in Frog CMS Project Frog CMS 0.9.5
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
3.5
2018-09-03 CVE-2018-16374 Cross-site Scripting vulnerability in Frog CMS Project Frog CMS 0.9.5
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.
3.5
2018-09-03 CVE-2018-16373 Unrestricted Upload of File with Dangerous Type vulnerability in Frog CMS Project Frog CMS 0.9.5
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.
network
low complexity
frog-cms-project CWE-434
4.0
2018-05-15 CVE-2018-11098 Unrestricted Upload of File with Dangerous Type vulnerability in Frog CMS Project Frog CMS 0.9.5
An issue was discovered in Frog CMS 0.9.5.
network
low complexity
frog-cms-project CWE-434
6.5
2018-04-11 CVE-2018-9992 Cross-site Scripting vulnerability in Frog CMS Project Frog CMS 0.9.5
Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen.
3.5
2018-04-11 CVE-2018-9991 Cross-site Scripting vulnerability in Frog CMS Project Frog CMS 0.9.5
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.
3.5
2018-03-31 CVE-2018-8908 Cross-Site Request Forgery (CSRF) vulnerability in Frog CMS Project Frog CMS 0.9.5
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5.
6.8
2018-03-22 CVE-2014-4912 Unrestricted Upload of File with Dangerous Type vulnerability in Frog CMS Project Frog CMS 0.9.5
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.
network
low complexity
frog-cms-project CWE-434
7.5