CVE

Id
70406  
CVE No.
CVE-2014-3111  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Storage Management page, (4) Username field to the User Cleanup FOG Configuration page, or (5) Directory Path field to the Directory Cleaner FOG Configuration page.  
Phase
Assigned (20140429)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
669823 70406 CVE-2014-3111 BUGTRAQ:20140513 Multiple Stored XSS in FOG Image deployment system - FD  View
669824 70406 CVE-2014-3111 URL:http://www.securityfocus.com/archive/1/archive/1/532091/100/0/threaded  View
669825 70406 CVE-2014-3111 FULLDISC:20140514 FD - Multiple stored XSS in FOG imaging deployment system CVE-2014-3111  View
669826 70406 CVE-2014-3111 URL:http://seclists.org/fulldisclosure/2014/May/60  View
669827 70406 CVE-2014-3111 MLIST:[oss-security] 20140430 Re: CVE Request - XSS in FOG open imaging system  View
669828 70406 CVE-2014-3111 URL:http://www.openwall.com/lists/oss-security/2014/04/30/2  View
669829 70406 CVE-2014-3111 MISC:http://fogproject.org/forum/threads/stored-xss-vulnerability-in-fog-project-version-0-27-through-0-32.10394  View
669830 70406 CVE-2014-3111 BID:67141  View

Related JVN