Lucene search
+L

199 matches found

OSV
OSV
added 2018/04/11 6:29 a.m.4 views

CVE-2018-9991

Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter...

4.8CVSS5.8AI score0.00534EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/04/11 6:0 a.m.20 views

CVE-2018-9991

Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter...

5AI score0.00534EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/04/11 6:0 a.m.18 views

CVE-2018-9992

Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/filemanager/browse/ screen...

5AI score0.00534EPSS
Exploits1References1
CVE
CVE
added 2018/04/11 6:0 a.m.42 views

CVE-2018-9992

Frog CMS 0.9.5 is affected by a cross-site scripting vulnerability that can be triggered by entering malicious content in the name field when creating a new File or Directory via the admin/?/plugin/file_manager/browse/ screen. The issue is documented across multiple sources (NVD, CNVD, CVE record...

4.8CVSS4.9AI score0.00534EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/04/11 6:0 a.m.43 views

CVE-2018-9991

Frog CMS 0.9.5 is affected by a Cross‑Site Scripting (XSS) vulnerability in the admin user creation flow. The flaw is triggered via the Name or Username parameter in the URL path /admin/?/user/add, allowing injected scripts to potentially execute in the context of an administrator. The issue is d...

4.8CVSS4.9AI score0.00534EPSS
Exploits1References1Affected Software1
exploitpack
exploitpack
added 2018/04/02 12:0 a.m.58 views

Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)

Frog CMS 0.9.5 - Cross-Site Request Forgery Add User Exploit Title:​​ Cross Site Request Forgery- Frog CMS Date: 31-03-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://github.com/philippe/FrogCMS Versio...

6.8CVSS0.8AI score0.02354EPSS
Exploits5
0day.today
0day.today
added 2018/04/02 12:0 a.m.52 views

Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User) Vulnerability

Exploit for php platform in category web applications Exploit Title:​​ Cross Site Request Forgery- Frog CMS Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://github.com/philippe/FrogCMS Version: 0.9.5 CVE :...

8.7AI score0.02354EPSS
Exploits5
Prion
Prion
added 2018/03/31 10:29 p.m.22 views

Cross site request forgery (csrf)

An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens...

6.8CVSS8.5AI score0.02354EPSS
Exploits5References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/03/31 10:29 p.m.2 views

CVE-2018-8908

An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens...

8.8CVSS5.6AI score0.02354EPSS
Exploits5References3
OSV
OSV
added 2018/03/31 10:29 p.m.2 views

CVE-2018-8908

An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens...

8.8CVSS5.8AI score0.02354EPSS
Exploits5References2
NVD
NVD
added 2018/03/31 10:29 p.m.11 views

CVE-2018-8908

An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens...

8.8CVSS8.5AI score0.02354EPSS
Exploits5References2
CVE
CVE
added 2018/03/31 10:0 p.m.51 views

CVE-2018-8908

The CVE-2018-8908 entry concerns Frog CMS 0.9.5 where the add user function at /admin/?/user/add is vulnerable to CSRF due to missing anti-CSRF tokens. A malicious page can trick a logged-in admin to perform an action that creates another admin user, potentially escalating privileges. Public refe...

8.8CVSS8.5AI score0.02354EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2018/03/31 10:0 p.m.24 views

CVE-2018-8908

An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens...

8.6AI score0.02354EPSS
Exploits5References2
Packet Storm
Packet Storm
added 2018/03/31 12:0 a.m.44 views

Frog CMS 0.9.5 Cross Site Request Forgery

Exploit Title:aa Cross Site Request Forgery- Frog CMS Date: 31-03-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://github.com/philippe/FrogCMS Version: 0.9.5 CVE : CVE-2018-8908 Category: Webapp CMS 1...

8.7AI score0.02354EPSS
Exploits5
CNVD
CNVD
added 2018/03/28 12:0 a.m.4 views

Frog CMS Arbitrary File Upload Vulnerability

Frog CMS is a content management system CMS developed by software developer Philippe Archambault. The system provides tools for page templates, user rights management, and document management. A security vulnerability exists in Frog CMS version 0.9.5 due to a lack of extension detection in the...

9.8CVSS7AI score0.0851EPSS
Exploits1References1
Prion
Prion
added 2018/03/22 4:29 a.m.10 views

Design/Logic Flaw

An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation...

7.5CVSS7AI score0.0851EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/03/22 4:29 a.m.17 views

CVE-2014-4912

An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation...

9.8CVSS7AI score0.0851EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/03/22 4:0 a.m.18 views

CVE-2014-4912

An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation...

7.5AI score0.0851EPSS
Exploits1References1
CVE
CVE
added 2018/03/22 4:0 a.m.53 views

CVE-2014-4912

CVE-2014-4912 affects Frog CMS 0.9.5: Arbitrary file upload due to lack of extension validation. Root cause: missing extension validation. Impact: partial confidentiality, integrity, and availability (CVSS2/3 indicate HIGH/CRITICAL). Exploitation details are not provided in the documents; an expl...

9.8CVSS7AI score0.0851EPSS
Exploits1References1Affected Software1
exploitpack
exploitpack
added 2014/07/06 12:0 a.m.9 views

Frog CMS 0.9.5 - Arbitrary File Upload

Frog CMS 0.9.5 - Arbitrary File Upload Exploit Title: Arbitrary File Upload in Frog CMS 0.9.5 Date : 2014-07-07 Exploit Author : Javid Hussain Vendor Homepage : http://www.madebyfrog.com Exploit-DB Note: All authenticated users can upload files. If the file does not have execute permissions the C...

0.5AI score
Exploits0
Rows per page
Query Builder