Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability #5

Open
@magicming200

Hi, I have found a stored Cross Site Scripting Vulnerability.

Steps to replicate:

  1. Log into the system with an administrator role;
  2. Enter the page http://your_site/frogcms/admin/?/setting, and click the Settings option;
  3. Navigate to the "Admin Site title" section;
  4. Enter the payload shown below:
    Frog CMS1</a><img src=1 onerror="alert()" /><a>
  5. Visit http://your_site/frogcms/admin/?/login, and you will trigger JavaScript execution.

Impacts:
Anyone who visits the target page will be affected and trigger the JavaScript code, including administrators, editors, developers, and guests.

Affected Version:
0.9.5

Affected URL:
http://your_site/frogcms/admin/?/login
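
The mitigation for the behaviour reported above, as an added example that is not part of the original issue and not Frog CMS source code: the stored title is HTML-encoded when it is written into the page, and markup is rejected when the setting is saved. The function names, the `<h1><a>` wrapper (inferred from the `</a>` ... `<a>` shape of the payload) and the 255-byte limit are assumptions.

```php
<?php
// Added example, not Frog CMS code. Function names, the surrounding markup
// and the length limit are hypothetical.

// Pattern that produces the reported behaviour: the stored setting is
// concatenated into the HTML unchanged, so markup in the title is parsed.
function render_title_unsafe(string $title): string
{
    return '<h1><a href="?/login">' . $title . '</a></h1>';
}

// Hardened output: encode for the HTML context at the moment of rendering,
// so <, >, & and both quote characters become entities and stay text.
function render_title_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1><a href="?/login">' . $encoded . '</a></h1>';
}

// Defense in depth when the setting is saved: a site title has no need for
// angle brackets or control characters, so such values are refused.
// Output encoding above remains the primary control.
function validate_title(string $title): bool
{
    if ($title === '' || strlen($title) > 255) {
        return false;
    }
    return preg_match('/[<>\x00-\x1F\x7F]/', $title) !== 1;
}

// The value from step 4 of the report.
$stored = 'Frog CMS1</a><img src=1 onerror="alert()" /><a>';

echo "unsafe: ", render_title_unsafe($stored), "\n"; // <img> element survives
echo "safe:   ", render_title_safe($stored), "\n";   // rendered as inert text
echo "accepted on save (report value): ";
var_dump(validate_title($stored));
echo "accepted on save (plain title):  ";
var_dump(validate_title('Frog CMS'));
```

The same encoding has to be applied at every place the title is written into a page, since the login page is reachable without authentication.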
