CVE-2014-3111

NONE EPSS 57.8%
Published Oct 21, 2014 (11y ago) · Modified Jun 17, 2026 (2w ago)

Description

Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Storage Management page, (4) Username field to the User Cleanup FOG Configuration page, or (5) Directory Path field to the Directory Cleaner FOG Configuration page.

Threat Intelligence

EPSS Exploit Probability
57.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 6

Vendor      Product  Version  Range
fogproject  fog      0.27     any
fogproject  fog      0.28     any
fogproject  fog      0.29     any
fogproject  fog      0.30     any
fogproject  fog      0.31     any
fogproject  fog      0.32     any

References 5

  • fogproject.org http://fogproject.org/forum/threads/stored-xss-vulnerability-in-fog-project-version-0-27-through-0-32.10394
    Vendor Advisory
  • seclists.org http://seclists.org/fulldisclosure/2014/May/60
    Exploit
  • openwall.com http://www.openwall.com/lists/oss-security/2014/04/30/2
  • securityfocus.com http://www.securityfocus.com/archive/1/532091/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/67141

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.