199 matches found
CVE-2018-20776
Frog CMS 0.9.5 is affected by an information-disclosure issue where a /public request can return a directory listing. The vulnerability is described as a directory listing exposure in Frog CMS 0.9.5. Connected sources (NVD/CVE records and CNVD) confirm the component and issue, but do not provide ...
CVE-2018-20774
CVE-2018-20774 affects Frog CMS 0.9.5, with a cross-site scripting (XSS) vulnerability in the admin/?/layout/edit/1 Body field. The root cause is improper input handling that allows injecting script into a form field which is subsequently rendered without sufficient sanitization, enabling client-...
CVE-2018-20773
CVE-2018-20773 affects Frog CMS 0.9.5, where an attacker can achieve PHP code execution by visiting admin/?/page/edit/1 and injecting additional
CVE-2018-20772
CVE-2018-20772 affects Frog CMS 0.9.5. The vulnerability allows PHP code execution via the PHP opening tag in the request to the URI admin/?/layout/edit/1, indicating a code-injection path in that administration handler. The root cause is improper handling of PHP code within that endpoint, enabli...
CVE-2018-20775
The CVE-2018-20775 entry concerns Frog CMS 0.9.5 where the admin/?/plugin/file_manager exposes a flaw that allows an attacker to create a new .php file containing PHP code and access it via the public/ URI, enabling PHP code execution. This aligns with the NVD description of a file-manager vulner...
CVE-2018-20777
CVE-2018-20777 affects Frog CMS 0.9.5 with Cross-Site Scripting in the admin/?/snippet/edit/1 Body field. The NVD entry lists a CVSSv3.0 base score of 5.4 (MEDIUM) with NETWORK attack vector, LOW privileges required, user interaction REQUIRED, and a CHANGED scope; CVSSv2 base score is 3.5 (LOW). ...
Frog CMS Information Disclosure Vulnerability
Frog CMS is a Content Management System CMS developed by Philippe Archambault Software Developers. The system provides tools for page templates, user rights management and document management. An information disclosure vulnerability exists in Frog CMS. An attacker could exploit the vulnerability ...
Frog CMS Code Injection Vulnerability (CNVD-2019-34647)
Frog CMS is a Content Management System CMS developed by Philippe Archambault Software Developers. The system provides tools for page templates, user rights management and document management. A code injection vulnerability exists in Frog CMS. An attacker could use this vulnerability to generate...
Frog CMS Code Injection Vulnerability (CNVD-2019-34646)
Frog CMS is a Content Management System CMS developed by Philippe Archambault Software Developers. The system provides tools for page templates, user rights management and document management. A code injection vulnerability exists in Frog CMS. An attacker could use this vulnerability to generate...
Frog CMS Cross-Site Scripting Vulnerability (CNVD-2019-34645)
Frog CMS is a Content Management System CMS developed by Philippe Archambault Software Developers. The system provides tools for page templates, user rights management and document management. A cross-site scripting vulnerability exists in Frog CMS. An attacker can exploit this vulnerability to...
Frog CMS Cross-Site Scripting Vulnerability (CNVD-2019-34648)
Frog CMS is a Content Management System CMS developed by Philippe Archambault Software Developers. The system provides tools for page templates, user rights management and document management. A cross-site scripting vulnerability exists in Frog CMS. An attacker can exploit this vulnerability to...
Frog CMS Code Injection Vulnerability
Frog CMS is a Content Management System CMS developed by Philippe Archambault Software Developers. The system provides tools for page templates, user rights management and document management. A code injection vulnerability exists in Frog CMS. An attacker could use this vulnerability to generate...
Frog CMS Cross-Site Scripting Vulnerability (CNVD-2019-01866)
Frog CMS is a content management system CMS developed by software developer Philippe Archambault. The system provides tools for page templates, user rights management, and document management. A cross-site scripting vulnerability exists in Frog CMS version 0.9.5. A remote attacker can exploit thi...
Cross site scripting
Frog CMS 0.9.5 allows XSS via the forgot password page aka the /admin/?/login/forgot URI...
CVE-2019-6243
Frog CMS 0.9.5 allows XSS via the forgot password page aka the /admin/?/login/forgot URI...
CVE-2019-6243
Frog CMS 0.9.5 allows XSS via the forgot password page aka the /admin/?/login/forgot URI...
CVE-2019-6243
Frog CMS 0.9.5 allows XSS via the forgot password page aka the /admin/?/login/forgot URI...
CVE-2019-6243
CVE-2019-6243 affects Frog CMS 0.9.5 with a cross-site scripting (XSS) vulnerability exposed via the forgot password page (the /admin/?/login/forgot URI). The issue is confirmed across multiple sources (NVD entry and CNVD/CVEs references) and is limited to input handling on the forgot-password fl...
Frog CMS Cross-Site Scripting Vulnerability (CNVD-2019-01314)
Frog CMS is a content management system CMS developed by software developer Philippe Archambault. The system provides tools for page templates, user rights management, and document management. A cross-site scripting vulnerability exists in Frog CMS version 0.9.5, which can be exploited by a remot...
CVE-2018-20680
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field...