CVE-2014-3111
NONE EPSS 57.8%
Published Oct 21, 2014 11y ago
Last Modified Jun 17, 2026 2w ago
Description
Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Storage Management page, (4) Username field to the User Cleanup FOG Configuration page, or (5) Directory Path field to the Directory Cleaner FOG Configuration page.
Threat Intelligence
EPSS Exploit Probability
57.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 6
| Vendor | Product | Version | Range |
|---|---|---|---|
| fogproject | fog | 0.27 | any |
| fogproject | fog | 0.28 | any |
| fogproject | fog | 0.29 | any |
| fogproject | fog | 0.30 | any |
| fogproject | fog | 0.31 | any |
| fogproject | fog | 0.32 | any |
References 5
- fogproject.org http://fogproject.org/forum/threads/stored-xss-vulnerability-in-fog-project-version-0-27-through-0-32.10394
- seclists.org http://seclists.org/fulldisclosure/2014/May/60
- openwall.com http://www.openwall.com/lists/oss-security/2014/04/30/2
- securityfocus.com http://www.securityfocus.com/archive/1/532091/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/67141
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.