CVE-2014-3111
Fog Imaging System 0.32 Cross Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Storage Management page, (4) Username field to the User Cleanup FOG Configuration page, or (5) Directory Path field to the Directory Cleaner FOG Configuration page.
Múltiples vulnerabilidades de XSS en FOG 0.27 hasta 0.32 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del campo (1) Printer Model en la página Printer Management, (2) Image Name en la página Image Management, (3) Storage Group Name en la página Storage Management, (4) Username en la página User Cleanup FOG Configuration, o (5) Directory Path en la página Directory Cleaner FOG Configuration.
Fog Imaging System versions 0.27 through 0.32 suffer from multiple cross site scripting vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-04-29 CVE Reserved
- 2014-05-13 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/04/30/2 | Mailing List |
|
| http://www.securityfocus.com/archive/1/532091/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/67141 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://seclists.org/fulldisclosure/2014/May/60 | 2024-08-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fogproject Search vendor "Fogproject" | Fog Search vendor "Fogproject" for product "Fog" | 0.27 Search vendor "Fogproject" for product "Fog" and version "0.27" | - |
Affected
| ||||||
| Fogproject Search vendor "Fogproject" | Fog Search vendor "Fogproject" for product "Fog" | 0.28 Search vendor "Fogproject" for product "Fog" and version "0.28" | - |
Affected
| ||||||
| Fogproject Search vendor "Fogproject" | Fog Search vendor "Fogproject" for product "Fog" | 0.29 Search vendor "Fogproject" for product "Fog" and version "0.29" | - |
Affected
| ||||||
| Fogproject Search vendor "Fogproject" | Fog Search vendor "Fogproject" for product "Fog" | 0.30 Search vendor "Fogproject" for product "Fog" and version "0.30" | - |
Affected
| ||||||
| Fogproject Search vendor "Fogproject" | Fog Search vendor "Fogproject" for product "Fog" | 0.31 Search vendor "Fogproject" for product "Fog" and version "0.31" | - |
Affected
| ||||||
| Fogproject Search vendor "Fogproject" | Fog Search vendor "Fogproject" for product "Fog" | 0.32 Search vendor "Fogproject" for product "Fog" and version "0.32" | - |
Affected
| ||||||