Vendor: FrogCMS
By: WangDudu
CVSS: 5.4 MEDIUM
Cross-Site Scripting
CWE: 79
Product Name: FrogCMS
Affected Version From: 0.9.5
Affected Version To: 0.9.5
Patch Exists: YES
Related CWE: CVE-2018-20448
CPE: a:philippe:frog_cms
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2018

Frog CMS 0.9.5 – Cross-Site Scripting

The Database name parameter on /install/index.php is vulnerable to reflected XSS. The Database name, username and password must be correct. An example exploit is <script>alert(1)</script>

Mitigation:

Input validation should be used to prevent malicious input from being passed to the application.
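
The mitigation above, sketched as an added example that is not FrogCMS code or the vendor's patch: an installer-style field handler that validates the database name against an allowlist and HTML-encodes the value wherever it is echoed back. The function names, the db_name field name and the 64-character limit are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration only. Helper names and the "db_name" field name are
// hypothetical and do not come from the FrogCMS source.

/** Allowlist check: letters, digits and underscore, 1 to 64 characters (assumed limit). */
function is_valid_db_name(string $name): bool
{
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    return preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $name) === 1;
}

/** Encode a value for use in an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Re-render the database-name field, echoing back what was submitted. */
function render_db_name_field(string $submitted): string
{
    // Validation decides whether the installer proceeds; encoding is applied
    // regardless, so a rejected value is still safe to display in the error.
    $error = is_valid_db_name($submitted)
        ? ''
        : '<p class="error">Invalid database name: ' . h($submitted) . '</p>' . PHP_EOL;

    return $error
        . '<input type="text" name="db_name" value="' . h($submitted) . '">';
}

// Constructed sample inputs: a normal name, the string quoted in the
// advisory, and a name containing a double quote.
$samples = ['frog_cms', '<script>alert(1)</script>', 'my"db'];

foreach ($samples as $sample) {
    echo render_db_name_field($sample), PHP_EOL, PHP_EOL;
}
```

Validation alone rejects the input but does not make it safe to print in the error message, which is why the encoding step is applied at every point where the value is written into the page.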

Exploit-DB raw data:

# Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting
# Date: 2018-12-25
# Exploit Author:WangDudu
# Vendor Homepage: https://github.com/philippe/FrogCMS
# Software Link: https://github.com/philippe/FrogCMS
# Version:0.9.5
# CVE :CVE-2018-20448

# The parameter under /install/index.php is that the Database name has reflective XSS
# 1 The Database name , username and password must be correct
# 2 You can use the exp: 

<script>alert(1)</script>