Vulnerability Description
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, they would be parsed as HTML and displayed accordingly. Version 1.5.10.15 contains a patch. As a workaround, view logs from an external text editor rather than the dashboard.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fogproject | Fogproject | < 1.5.10.15 |
Related Weaknesses (CWE)
References
- https://github.com/FOGProject/fogproject/commit/2e2421f19620669b9930f72fb73a8dbc (Patch, Vendor Advisory)
- https://github.com/FOGProject/fogproject/security/advisories/GHSA-cvf7-7mvq-5694 (Vendor Advisory)
FAQ
What is CVE-2023-46235?
CVE-2023-46235 is a vulnerability with a CVSS score of 5.4 (MEDIUM). FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file and rendered as HTML when an administrator viewed the logs from the dashboard (see the full description above).
How severe is CVE-2023-46235?
CVE-2023-46235 has been rated MEDIUM with a CVSS base score of 5.4/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2023-46235?
Yes. Version 1.5.10.15 contains a patch; see the references section above for the fix commit and the vendor advisory. The affected product is Fogproject (versions before 1.5.10.15). As a workaround until the patch is applied, view logs from an external text editor rather than the dashboard.