41 matches found
CVE-2018-20774
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field...
CVE-2018-20776
Frog CMS 0.9.5 provides a directory listing for a /public request...
CVE-2018-20778
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element...
Cross site scripting
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element...
CVE-2018-20774
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field...
CVE-2018-20777
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field...
CVE-2018-20773
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional ?php lines...
CVE-2018-20772
CVE-2018-20772 affects Frog CMS 0.9.5. The vulnerability allows PHP code execution via the PHP opening tag in the request to the URI admin/?/layout/edit/1, indicating a code-injection path in that administration handler. The root cause is improper handling of PHP code within that endpoint, enabli...
CVE-2019-6243
Frog CMS 0.9.5 allows XSS via the forgot password page aka the /admin/?/login/forgot URI...
CVE-2019-6243
Frog CMS 0.9.5 allows XSS via the forgot password page aka the /admin/?/login/forgot URI...
Design/Logic Flaw
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field...
CVE-2018-20680
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field...
Frog CMS 0.9.5 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting Exploit Author:WangDudu Vendor Homepage: https://github.com/philippe/FrogCMS Software Link: https://github.com/philippe/FrogCMS Version:0.9.5 CVE :CVE-2018-20448 The parameter under...
Frog CMS 0.9.5 Cross Site Scripting
Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting Date: 2018-12-25 Exploit Author:WangDudu Vendor Homepage: https://github.com/philippe/FrogCMS Software Link: https://github.com/philippe/FrogCMS Version:0.9.5 CVE :CVE-2018-20448 The parameter under /install/index.php is that the Database name...
Frog CMS 0.9.5 - Cross-Site Scripting
Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting Date: 2018-12-25 Exploit Author:WangDudu Vendor Homepage: https://github.com/philippe/FrogCMS Software Link: https://github.com/philippe/FrogCMS Version:0.9.5 CVE :CVE-2018-20448 The parameter under /install/index.php is that the Database name...
Design/Logic Flaw
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI...
Cross site request forgery (csrf)
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF...
CVE-2018-16447
Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF...
Cross site scripting
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings...
CVE-2018-16374
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings...