Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen
> [Additional Information]
> Steps for reproduction:
> 1. Navigate to Files "http://localhost/FrogCms/admin/?/plugin/file_manager/browse// " section.
>
> 2. Click on Create New "File" Or "Directory"
>
> 3. Keep the file name as a malicious payload eg: <script>alert(1)</script>
>
> 4. Click "OK" to save and create new file or directory
>
> 5. XSS is executed.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> Frog CMS
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Frog CMS - 0.9.5
>
> ------------------------------------------
>
> [Affected Component]
> Frog CMS
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Creating a New File or Directory
>
> ------------------------------------------
>
> [Discoverer]
> Priyank Sethi, Prafull Agarwal
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment