Frog CMS simplifies content management by offering an elegant user interface, flexible templating per page, simple user management and permissions, as well as the tools necessary for file management.
GNU General Public License v3.0
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability #14
I have found a stored Cross Site Scripting vulnerability in http://127.0.0.1/admin/?/plugin/comment/settings
When I click the save button, the HTTP request looks like this:
And the rowspage parameter was not XSS filtered, resulting in a stored XSS vulnerability.
EXP is as follows:
The result of EXP is as follows:
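An added example, not code from Frog CMS or from the report: one way to close this class of bug for a numeric setting such as rowspage is to validate it as a bounded integer when it is saved and to HTML-encode it when it is rendered. The function names, the default and maximum values, and the form field markup are assumptions made for illustration.

```php
<?php
// Added illustration. All names below are hypothetical, not Frog CMS code.

/**
 * Validate a "rows per page" setting before it is stored.
 * The setting is a count, so only a bounded integer is accepted;
 * anything else (markup, arrays, out-of-range numbers) falls back to the default.
 */
function sanitize_rows_per_page($raw, int $default = 10, int $max = 500): int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $max],
    ]);
    return $value === false ? $default : $value;
}

/**
 * Encode a value for use inside a quoted HTML attribute.
 * ENT_QUOTES covers both quote styles, so the value cannot close the attribute.
 */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Render the settings input. The value is encoded on output even though it
 * was validated on save, so rows written before the fix are also neutralised.
 */
function render_rows_input($stored): string
{
    return '<input type="text" name="rowspage" value="' . attr((string) $stored) . '">';
}

// Constructed sample inputs: two valid counts, an out-of-range number,
// a string carrying markup, and an array submitted in place of a scalar.
$samples = ['25', ' 40 ', '0', '10"><b>x</b>', ['a']];

foreach ($samples as $raw) {
    $clean = sanitize_rows_per_page($raw);
    echo json_encode($raw), ' => stored as ', $clean, PHP_EOL;
}

// A legacy row that was stored before validation existed still renders inertly.
echo render_rows_input('10"><b>x</b>'), PHP_EOL;
```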