Vulnerabilities > Frog CMS Project

DATE CVE VULNERABILITY TITLE RISK
2018-12-25 CVE-2018-20448 Cross-site Scripting vulnerability in Frog CMS Project Frog CMS 0.9.5
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
network
low complexity
frog-cms-project CWE-79
5.4
2018-09-03 CVE-2018-16374 Cross-site Scripting vulnerability in Frog CMS Project Frog CMS 0.9.5
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.
network
low complexity
frog-cms-project CWE-79
4.8
2018-09-03 CVE-2018-16373 Unrestricted Upload of File with Dangerous Type vulnerability in Frog CMS Project Frog CMS 0.9.5
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.
network
low complexity
frog-cms-project CWE-434
4.9
2018-05-15 CVE-2018-11098 Unrestricted Upload of File with Dangerous Type vulnerability in Frog CMS Project Frog CMS 0.9.5
An issue was discovered in Frog CMS 0.9.5.
network
low complexity
frog-cms-project CWE-434
7.2
2018-04-11 CVE-2018-9992 Cross-site Scripting vulnerability in Frog CMS Project Frog CMS 0.9.5
Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen.
network
low complexity
frog-cms-project CWE-79
4.8
2018-04-11 CVE-2018-9991 Cross-site Scripting vulnerability in Frog CMS Project Frog CMS 0.9.5
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.
network
low complexity
frog-cms-project CWE-79
4.8
2018-03-31 CVE-2018-8908 Cross-Site Request Forgery (CSRF) vulnerability in Frog CMS Project Frog CMS 0.9.5
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5.
network
low complexity
frog-cms-project CWE-352
8.8
2018-03-22 CVE-2014-4912 Unrestricted Upload of File with Dangerous Type vulnerability in Frog CMS Project Frog CMS 0.9.5
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.
network
low complexity
frog-cms-project CWE-434
critical
9.8