Impact
Due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, the stored entries would be parsed as HTML and displayed accordingly.
Patches
Patched in commit 2e2421f19620669b9930f72fb73a8dbc5efe4980, and version 1.5.10.15.
Workarounds
View logs in an external text editor rather than the dashboard when on versions < 1.5.10.15.
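The class of fix described under Impact, shown as an added example (this is not FOG's patch and not code from the project): a log viewer that treats every stored line as untrusted text and encodes it at output time, next to the unencoded form. The function names and the sample log lines are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample log lines (not taken from a real FOG log).
$sampleLines = [
    '[constructed] GET /fog/status 200',
    '[constructed] GET /fog/<script>alert(1)</script> 404',
    "[constructed] invalid UTF-8 \xC3\x28 and <b>markup</b>",
];

// Vulnerable pattern: log text is concatenated into the page as-is,
// so any markup a client placed in a request is parsed by the browser.
function renderLogUnsafe(array $lines): string
{
    return '<pre>' . implode("\n", $lines) . '</pre>';
}

// Hardened pattern: encode each line when it is written into HTML,
// regardless of what was or was not filtered when it was logged.
function renderLogSafe(array $lines): string
{
    $out = [];
    foreach ($lines as $line) {
        // Byte-wise removal of control characters other than tab.
        $line = preg_replace('/[\x00-\x08\x0A-\x1F\x7F]/', '', $line) ?? '';
        // ENT_QUOTES encodes both quote characters as well as < > &.
        // ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD; without it
        // htmlspecialchars() returns an empty string for such input and
        // the log line would silently disappear from the view.
        $out[] = htmlspecialchars(
            $line,
            ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
            'UTF-8'
        );
    }
    return '<pre>' . implode("\n", $out) . '</pre>';
}

echo "Unsafe:\n", renderLogUnsafe($sampleLines), "\n\n";
echo "Safe:\n", renderLogSafe($sampleLines), "\n";
```

In the safe output the second sample line appears as `&lt;script&gt;alert(1)&lt;/script&gt;`, so the browser shows it as text instead of executing it.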