Solved Stored XSS vulnerability in fog project version 0.27 through 0.32
I would like to bring to your attention there is a persistent XSS vulnerability in the printer management page
in general, it is possible to add a crafted printer, and once a user/admin would visit the printer management page I could potentially steal his cookies
POC can be found here:
This problem is still present, but really only affects FOG setups who allow login across actual internet sources. Typically speaking this vulnerability really only affects malicious insiders trying to bring down an org, and won’t normally pose the problem.
With that said, I’ve been working towards using mysql prepared statements but this will take quite a bit of work as much of the system was coded with the old procedural style of mysql php functions in mind.
Additional Stored XSS were found in other management pages.