Frog CMS · CVE-2018-10318
Name of the Vulnerable Software and Affected Versions:
Frog CMS version 0.9.5
Description:
Frog CMS 0.9.5 is affected by a cross-site scripting (XSS) vulnerability in the admin/?/page/edit page, exploitable through the `keywords` parameter. Script supplied in that parameter can execute in a user's browser.
Recommendations:
For Frog CMS version 0.9.5, avoid using the `keywords` parameter in the admin/?/page/edit page until a fix is available. As a temporary workaround, consider restricting access to the admin/?/page/edit page to minimize the risk of exploitation.