Cross-Site Scripting Vulnerabilities in FOG Imaging System by FOG Project
CVE-2014-3111

Currently unrated

Key Information:

Vendor: Fogproject
Status: Fog
Vendor: CVE Published:; 21 October 2014

What is CVE-2014-3111?

The FOG Imaging System versions 0.27 through 0.32 are susceptible to multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web scripts or HTML into various fields including Printer Model, Image Name, Storage Group Name, Username, and Directory Path through specific management pages. Exploitation of these vulnerabilities could lead to unauthorized content being executed in the context of an authenticated user's session, risking sensitive information and system integrity.

References

http://www.securityfocus.com/archive/1/532091/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://seclists.org/fulldisclosure/2014/May/60

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/67141

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2014
Vulnerability Reserved
Apr 29, 2014

Fogproject

What is CVE-2014-3111?

References

Timeline