RSS   Vulnerabilities for 'Frogcms'   RSS

2018-05-08
 
CVE-2018-10806

CWE-79
 

 
An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF.

 
2018-04-30
 
CVE-2018-10570

CWE-79
 

 
Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field.

 
2018-04-24
 
CVE-2018-10321

CWE-79
 

 
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.

 
2018-04-23
 
CVE-2018-10320

CWE-79
 

 
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.

 
 
CVE-2018-10319

CWE-79
 

 
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.

 
 
CVE-2018-10318

CWE-79
 

 
Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.

 


Copyright 2018, cxsecurity.com

 

Back to Top