Unrated severityNVD Advisory· Published Oct 31, 2023· Updated Sep 5, 2024

FOG stored XSS on log screen via unsanitized request logging

CVE-2023-46235

Description

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, they would be parsed as HTML and displayed accordingly. Version 1.5.10.15 contains a patch. As a workaround, view logs from an external text editor rather than the dashboard.

Affected products

Fogproject/Fogprojectv5
Range: < 1.5.10.15

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/FOGProject/fogproject/commit/2e2421f19620669b9930f72fb73a8dbc5efe4980mitrex_refsource_MISC
github.com/FOGProject/fogproject/security/advisories/GHSA-cvf7-7mvq-5694mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000