CVE-2018-9991
Frog CMS 0.9.5 is affected by a Cross‑Site Scripting (XSS) vulnerability in the admin user creation flow. The flaw is triggered via the Name or Username parameter in the URL path /admin/?/user/add, allowing injected scripts to potentially execute in the context of an administrator. The issue is d...