CVE-2018-8908 — CVSS 8.8 (high): An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious…
CVE-2018-20775 — CVSS 7.2 (high): admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting…
CVE-2018-11098 — CVSS 7.2 (high): An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar…
CVE-2018-20778 — CVSS 6.1 (medium): admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.
CVE-2019-1010235 — CVSS 5.4 (medium): Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing, Alert pop-up on page, Redirecting to another…
CVE-2018-9992 — CVSS 4.8 (medium): Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen.