Frog Cms · Frog Cms · CVE-2018-20448
**Name of the Vulnerable Software and Affected Versions**
Frog CMS version 0.9.5
**Description**
The issue allows for XSS via the Database name field to the "/install/index.php" API endpoint.
**Recommendations**
For Frog CMS version 0.9.5, update to a version that fixes this issue, as using the Database name field in the /install/index.php endpoint can lead to exploitation.