CVE-2018-10321

MEDIUM

Frog CMS 0.9.5 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10321. PoCs published by Wenming Jiang.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Frog CMS 0.9.5 via the 'Admin Site title' field in the Settings page. The payload is injected and executed when users visit the login page.

Description

Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.

Exploits (1)

exploitdb WORKING POC
by Wenming Jiang · textwebappsphp
https://www.exploit-db.com/exploits/44551

This exploit demonstrates a stored XSS vulnerability in Frog CMS 0.9.5 via the 'Admin Site title' field in the Settings page. The payload is injected and executed when users visit the login page.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Frog CMS 0.9.5
Auth required
Prerequisites: Administrator access to the Frog CMS Settings page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44551/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/philippe/FrogCMS/issues/5

Scores

CVSS v3 4.8
EPSS 0.0193
EPSS Percentile 77.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
frogcms_project/frogcms 0.9.5
Published Apr 24, 2018
Tracked Since Feb 18, 2026