EIP-2026-107260

PRE-CVE

Frog CMS 0.9.5 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107260. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The exploit demonstrates multiple CSRF and XSS vulnerabilities in Frog CMS 0.9.5, allowing arbitrary JavaScript execution and unauthorized actions via crafted HTTP requests. The PoC includes forms with malicious payloads that exploit unsanitized input in various controller scripts.

Description

Frog CMS 0.9.5 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge SA · htmlwebappsphp

https://www.exploit-db.com/exploits/15615

View Code ZIP pw:eip

The exploit demonstrates multiple CSRF and XSS vulnerabilities in Frog CMS 0.9.5, allowing arbitrary JavaScript execution and unauthorized actions via crafted HTTP requests. The PoC includes forms with malicious payloads that exploit unsanitized input in various controller scripts.

Classification

Working Poc 100%

Attack Type

Xss | Csrf

Complexity

Trivial

Reliability

Reliable

Target: Frog CMS 0.9.5

No auth needed

Prerequisites: Victim must visit a malicious page or be tricked into submitting a crafted form

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026