24 matches found
CVE-2018-10321
Summary: Frog CMS 0.9.5 has a stored Cross-Site Scripting vulnerability via the Settings page’s Admin Site title. An admin can inject payloads that are stored and later executed in other contexts, per multiple sources. Public exploits exist (e.g., Exploit-DB and PacketStorm entries) describing th...
CVE-2024-42627
The vulnerability CVE-2024-42627 affects FrogCMS v0.9.5. A CSRF flaw exists in the admin endpoint /admin/?/snippet/delete/3, enabling an attacker to induce a logged-in user to perform a state-changing action. The root cause described across sources is insufficient verification of the request’s or...
CVE-2024-42632
FrogCMS v0.9.5 is affected by a CSRF vulnerability exploitable via /admin/?/page/add. CVSSv3.1: 8.8 (HIGH), with user interaction required and a network attack vector. The root cause is a Cross-Site Request Forgery condition; no fixed version is confirmed in the provided documents. Red Hat/PTSecurity references confirm the en...
CVE-2024-42629
CVE-2024-42629 affects FrogCMS v0.9.5, exposing a Cross-Site Request Forgery (CSRF) vulnerability via the admin endpoint /admin/?/page/edit/10. This vulnerability is documented across multiple sources (NVD, Red Hat, CVE list, PT Security enrichment). The most actionable mitigation noted in the co...
CVE-2024-42631
FrogCMS v0.9.5 contains a Cross-Site Request Forgery (CSRF) flaw exploitable via the admin path /admin/?/layout/edit/1. The Red Hat/NVD/CVE records confirm the vulnerability in FrogCMS 0.9.5 with high impact (C/H/I/A) and user interaction required. The connected documents provide the vulnerabilit...
CVE-2024-46362
CVE-2024-46362 – FrogCMS v0.9.5 CSRF flaw: The Red Hat/NVD/NVD-linked entries describe a Cross-Site Request Forgery vulnerability exploitable via the endpoint /admin/?/plugin/file_manager/create_directory in FrogCMS 0.9.5. The underlying issue is CSRF that could allow an attacker to perform unau...
CVE-2024-42628
FrogCMS v0.9.5 has a CSRF vulnerability exploitable via the endpoint /admin/?/snippet/edit/3. Affected component: FrogCMS 0.9.5; vulnerability type: CSRF with high impact (C/H/I/A). Public exploitation details are not provided in the available documents. Remediation: no patch/version info is stat...
CVE-2024-46085
FrogCMS v0.9.5 is affected by a Cross-Site Request Forgery (CSRF) vulnerability exploitable via the /admin/?/plugin/file_manager/rename endpoint. Root cause: CSRF allows unauthorized actions (e.g., file rename) from authenticated sessions. Impact details in the sources indicate potential for unau...
CVE-2024-46394
FrogCMS v0.9.5 is affected by a CSRF vulnerability via /admin/?/user/add. CVE-2024-46394 impacts FrogCMS 0.9.5 with a root cause allowing unauthorized actions through cross-site requests. CVSS v3.1 scores indicate High impact: NVD lists 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) with network attac...
CVE-2024-42625
FrogCMS v0.9.5 is affected by a Cross-Site Request Forgery (CSRF) vulnerability exploitable via the /admin/?/layout/add endpoint. The issue is documented under CVE-2024-42625 with a CVSSv3.1 base score of 8.8 (HIGH) per NVD. The Red Hat and PTSecurity entries corroborate the vulnerability at th...
CVE-2024-42626
FrogCMS v0.9.5 contains a Cross-Site Request Forgery (CSRF) vulnerability exploitable via /admin/?/snippet/add. The CVE description explicitly identifies a CSRF issue and notes a high impact (C/H/I/A = High) with CVSSv3.1 base metrics: AV:N, AC:L, PR:N, UI:R, S:U, C:H, I:H, A:H. Connected sources...
CVE-2024-42624
FrogCMS v0.9.5 is affected by a Cross-Site Request Forgery (CSRF) vulnerability exploitable via the /admin/?/page/delete/10 endpoint. The issue is documented with a high impact (C/H/I/A) and CVSS 3.1 score 8.8. Attack vector is network, but requires user interaction (UI:R), and no privileges are ...
CVE-2024-42630
CVE-2024-42630 affects FrogCMS v0.9.5 with a Cross-Site Request Forgery (CSRF) in the admin file manager create_file endpoint: /admin/?/plugin/file_manager/create_file. Root cause is CSRF in the file management API, requiring user interaction for exploitation. Impact is high (confidentiality, int...
CVE-2024-46086
Summary: CVE-2024-46086 affects FrogCMS v0.9.5 with a Cross-Site Request Forgery (CSRF) vulnerability exploitable through the API endpoint /admin/?/plugin/file_manager/delete/123. The Red Hat, NVD, CVE lists corroborate the issue as CSRF with high impact metrics (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:U...
CVE-2020-25872
Affected product: FrogCMS 0.9.5. The vulnerability is in FileManagerController.php and allows a directory traversal attack via a GET request urlencode parameter. This is a path traversal issue in the Web UI/file handling code, enabling an attacker to access files outside the intended root. The co...
CVE-2024-42623
CVE-2024-42623 affects FrogCMS v0.9.5 with a Cross-Site Request Forgery (CSRF) vulnerability at the /admin/?/layout/delete/1 endpoint. The CVSSv3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, and no privileges required, but user interaction is required; impact is h...
CVE-2018-10318
Frog CMS 0.9.5 contains a cross-site scripting (XSS) vulnerability in the admin/?/page/edit page[keywords] parameter (Edit Page Metadata). The issue arises from user-supplied content in the keywords field that is reflected in the page. Exploitation specifics beyond this description are not provid...
CVE-2018-10319
Frog CMS 0.9.5 is affected by a Cross‑Site Scripting (XSS) vulnerability in the admin/?/snippet/edit (snippet[name]) parameter, i.e., the Edit Snippet action. The issue enables injection via the snippet name during edit, as documented under CVE-2018-10319. Connected records also reference the rel...
CVE-2018-10806
CVE-2018-10806 (Frog CMS 0.9.5): A reflected Cross-Site Scripting vulnerability exists in Frog CMS via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. The issue can be exploited in conjunction with CSRF. Affected product: Frog CMS 0.9.5. Vulnerable component: the ...
CVE-2018-10320
CVE-2018-10320 affects Frog CMS 0.9.5 with a stored/reflected XSS via the admin/?/layout/edit layout[name] parameter (Edit Layout). The CNVD entry and NVD description confirm a cross-site scripting vulnerability in Frog CMS 0.9.5, exploitable remotely by crafting the name input to inject script. ...
CVE-2018-10570
CVE-2018-10570 affects Frog CMS 0.9.5. The vulnerability is a Cross-Site Scripting (XSS) flaw in /install/index.php via the ['config']['admin_username'] field. CNVD notes that an attacker could inject arbitrary web script or HTML, implying a client-side impact on affected sessions/pages. The Red ...
CVE-2018-19844
Affected software: Frog CMS 0.9.5. Vulnerability: Cross-Site Scripting (XSS) via the admin/?/snippet/edit or admin/?/snippet/add name parameter, due to mishandling during snippet edit/add actions. Impact: XSS could allow arbitrary script injection. Root cause / details: The XSS is described acros...
CVE-2021-26794
CVE-2021-26794 affects FrogCMS SentCMS v0.9.5, allowing remote code execution via a crafted PHP file uploaded through upload.php. Multiple connected sources (RH Red Hat, CVE lists, CP advisories, CNVD/CNNVD equivalents, and CVE records) describe it as a privilege escalation leading to arbitrary c...
CVE-2018-16447
CVE-2018-16447 affects Frog CMS 0.9.5, where the admin/?/user/edit/1 endpoint is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability arises in the admin interface and could enable remote attackers to perform unauthorized operations on behalf of an authenticated user. The provided d...