# Exploit Title: Frog CMS 0.9.5 - Cross-Site Scripting# Date: 2018-12-25# Exploit Author:WangDudu# Vendor Homepage: https://github.com/philippe/FrogCMS# Software Link: https://github.com/philippe/FrogCMS# Version:0.9.5# CVE :CVE-2018-20448# The parameter under /install/index.php is that the Database name has reflective XSS# 1 The Database name , username and password must be correct# 2 You can use the exp: <script>alert(1)</script>
