Frog CMS simplifies content management by offering an elegant user interface, flexible templating per page, simple user management and permissions, as well as the tools necessary for file management.
License: GNU General Public License v3.0 | 160 stars | 36 forks
Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability #9
I discovered a storage XSS vulnerability while auditing the code.
Vulnerability points appear in the /install/index.php file.
The ['config']['admin_username'] parameter passed in via POST was not XSS filtered, resulting in a storage XSS vulnerability.
EXP is as follows:
The result of EXP is as follows:
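A defensive sketch of the two controls the report says are missing for `['config']['admin_username']`: allowlist validation before the value is stored, and HTML encoding when it is rendered. This is an added example, not Frog CMS code or part of the original report. The helper names `validate_admin_username()` and `e()`, the 3 to 40 character rule, and the sample requests are assumptions made for illustration (requires PHP 8.0 or later).

```php
<?php
declare(strict_types=1);

// Hypothetical helper: allowlist check applied to the installer's POST value
// before it is written to the database.
function validate_admin_username(mixed $raw): string
{
    if (!is_string($raw)) {
        throw new InvalidArgumentException('admin_username must be a string');
    }
    $name = trim($raw);
    // Letters, digits, dot, underscore, hyphen; 3 to 40 characters (assumed policy).
    if (preg_match('/\A[A-Za-z0-9._-]{3,40}\z/', $name) !== 1) {
        throw new InvalidArgumentException('admin_username contains disallowed characters');
    }
    return $name;
}

// Hypothetical helper: encode at output time so a value stored before the
// validation existed is still rendered as text, not markup.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests, shaped like the installer's POST body.
$samples = [
    ['config' => ['admin_username' => 'admin']],
    ['config' => ['admin_username' => '<script>alert(1)</script>']],
    ['config' => ['admin_username' => ['nested' => 'array']]],
    ['config' => []],
];

foreach ($samples as $post) {
    $raw = $post['config']['admin_username'] ?? null;
    try {
        $name = validate_admin_username($raw);
        echo 'stored:   ', e($name), PHP_EOL;
    } catch (InvalidArgumentException $ex) {
        echo 'rejected: ', $ex->getMessage(), PHP_EOL;
    }
}

// Legacy row written before validation existed: encoding renders it inert.
$legacy = '<script>alert(1)</script>';
echo 'rendered: ', e($legacy), PHP_EOL;
```

Validation at write time does not clean rows already in the database, which is why every template that prints the username also needs the output encoding.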