CVE-2018-10806

Name of the Vulnerable Software and Affected Versions Frog CMS version 0.9.5

Description A reflected Cross Site Scripting issue was found, which can be exploited via the file[current name] parameter to the "admin/?/plugin/file manager/rename" URI. This issue can be used in conjunction with a CSRF attack.

Recommendations For Frog CMS version 0.9.5, avoid using the file[current name] parameter in the "admin/?/plugin/file manager/rename" URI until the issue is resolved. As a temporary workaround, consider restricting access to the file manager plugin to minimize the risk of exploitation.