CVE-2014-3111 – Fog Imaging System 0.32 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2014-3111

Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Storage Management page, (4) Username field to the User Cleanup FOG Configuration page, or (5) Directory Path field to the Directory Cleaner FOG Configuration page. Múltiples vulnerabilidades de XSS en FOG 0.27 hasta 0.32 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del campo (1) Printer Model en la página Printer Management, (2) Image Name en la página Image Management, (3) Storage Group Name en la página Storage Management, (4) Username en la página User Cleanup FOG Configuration, o (5) Directory Path en la página Directory Cleaner FOG Configuration. Fog Imaging System versions 0.27 through 0.32 suffer from multiple cross site scripting vulnerabilities. • http://fogproject.org/forum/threads/stored-xss-vulnerability-in-fog-project-version-0-27-through-0-32.10394 http://seclists.org/fulldisclosure/2014/May/60 http://www.openwall.com/lists/oss-security/2014/04/30/2 http://www.securityfocus.com/archive/1/532091/100/0/threaded http://www.securityfocus.com/bid/67141 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •