N/A

Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Storage Management page, (4) Username field to the User Cleanup FOG Configuration page, or (5) Directory Path field to the Directory Cleaner FOG Configuration page.

N/A

N/A

FOG 跨站脚本漏洞

FOG是一套免费的开源计算机克隆、镜像解决方案。该方案提供减小分区大小、调整驱动器镜像大小和更改目标计算机名称等功能。 FOG 0.27版本至0.32版本中存在跨站脚本漏洞，该漏洞源于Printer Management页面没有充分过滤‘Printer Model’字段；Image Management页面没有充分过滤‘Image Name’字段；Storage Management页面没有充分过滤‘Storage Group Name’字段；User Cleanup FOG Configuration页

N/A

N/A