ID CVE-2018-9991
Description Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.
CVSS
  • Score: 3.5
  • Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
  • Availability: not affected
  • Confidentiality: not affected
  • Integrity: PARTIAL
CWE-ID CWE-79
Last Modified May 11, 2018
Available Solutions No solutions were found

CPE-ID

Application Name/CPE-IDVendorProductVersionList of Vulnerabilities
Frog_cms_project Frog_cms 0.9.5 frog cms project frog cms 0.9.5 17 Vulnerabilties for Frog_cms_project Frog_cms 0.9.5
Similar vulnerabilities

Pre-Condition

<set operator="and">
    <prop key="application" value="cpe:/a:frog_cms_project:frog_cms:0.9.5"/>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

								

Post-Condition

<set operator="and">
    <prop key="target" value="host"/>
  <set operator="or">
      <prop key="program_influence" value="input"/>
      <prop key="program_influence" value="output"/>
      <prop key="program_influence" value="existence"/>
  </set>
    <prop key="data" value="any"/>
  <set operator="or">
      <prop key="data_influence" value="write"/>
      <prop key="data_influence" value="delete"/>
  </set>
  <set operator="or">
      <prop key="range" value="remote"/>
      <prop key="range" value="local"/>
  </set>
</set>