Frog CMS 0.9.5 - Cross-Site Scripting

2019-01-02 11:05:02

# Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting
# Date: 2018-12-25
# Exploit Author:WangDudu
# Vendor Homepage: https://github.com/philippe/FrogCMS
# Software Link: https://github.com/philippe/FrogCMS
# Version:0.9.5
# CVE :CVE-2018-20448

# The parameter under /install/index.php is that the Database name has reflective XSS
# 1 The Database name , username and password must be correct
# 2 You can use the exp:

<script>alert(1)</script>

Fixes

No fixes

In order to submit a new fix you need to be registered.