CVE-2023-46235

Name of the Vulnerable Software and Affected Versions FOG versions prior to 1.5.10.15

Description The issue is related to a lack of request sanitization in the logs of FOG, a free open-source cloning/imaging/rescue suite/inventory management system. This allows a malicious request containing XSS to be stored in a log file. When an administrator logs in and views the logs, they are parsed as HTML and displayed accordingly.

Recommendations For versions prior to 1.5.10.15, update to version 1.5.10.15 to resolve the issue. As a temporary workaround, consider viewing logs from an external text editor rather than the dashboard to minimize the risk of exploitation.