
Black-Lo

#46741 of 53,639
5.4 CVSS total
Vulnerabilities · 1
PT-2018-10117
5.4
2018-05-08
Frog Cms · Frog Cms · CVE-2018-10806
**Name of the Vulnerable Software and Affected Versions**
Frog CMS version 0.9.5

**Description**
A reflected Cross Site Scripting issue was found, which can be exploited via the `file[current name]` parameter to the "admin/?/plugin/file manager/rename" URI. This issue can be used in conjunction with a CSRF attack.

**Recommendations**
For Frog CMS version 0.9.5, avoid using the `file[current name]` parameter in the "admin/?/plugin/file manager/rename" URI until the issue is resolved. As a temporary workaround, consider restricting access to the file manager plugin to minimize the risk of exploitation.