PT-2026-28520 · Fog · Fog

Published 2026-03-27 · Updated 2026-04-08 · CVE-2026-33739

CVSS v3.1: 5.7 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

FOG versions prior to 1.5.10.1812

Description

FOG, a free open-source cloning/imaging/rescue suite/inventory management system, contains a Stored Cross-Site Scripting (XSS) issue. This occurs due to insufficient server-side parameter sanitization during record creation and updates, combined with a lack of HTML escaping in listing tables on multiple management pages including Host, Storage, Group, Image, Printer, and Snapin. The issue allows for the injection of malicious scripts that can be executed in the context of other users' browsers.

Recommendations

Update to version 1.5.10.1812 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-33739
GHSA-8M2F-4X7G-P8F3

Affected Products

Fog