search

philippe / FrogCMS

Frog CMS simplifies content management by offering an elegant user interface, flexible templating per page, simple user management and permissions, as well as the tools necessary for file management.
GNU General Public License v3.0
160 stars 36 forks source link

Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability #5

Open magicming200 opened 6 years ago

magicming200 commented 6 years ago

Hi, I have found a stored Cross Site Scripting Vulnerability.

Steps to replicate:

  1. log into the system as an administrator role;
  2. enter page: http://your_site/frogcms/admin/?/setting, and click Settings option;
  3. navigate to "Admin Site title" section
  4. enter payload as shown in below section: Frog CMS1</a><img src=1 onerror="alert()" /><a>
  5. visit http://your_site/frogcms/admin/?/login, you will triage JavaScript execution

Impacts: Anyone who visit the target page will be affected to triage JavaScript code, including administrator, editor, developer, and guest.

Affected Version: 0.9.5

Affected URL: http://your_site/frogcms/admin/?/login