PT-2018-9824 · Frog Cms · Frog Cms

Oran9Eo

·

Published

2018-04-24

·

Updated

2018-05-16

·

CVE-2018-10319

CVSS v3.1

4.8

Medium

VectorAV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Frog CMS version 0.9.5
Description: The issue is related to a Cross-Site Scripting (XSS) problem. It occurs via the snippet[name] parameter in the /admin/?/snippet/edit API endpoint.
Recommendations: For Frog CMS version 0.9.5, avoid using the snippet[name] parameter in the /admin/?/snippet/edit endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the edit snippet functionality to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-10319

Affected Products

Frog Cms