{"vulnerability": "CVE-2023-46235", "sightings": [{"uuid": "83c8bb20-af14-4658-b6e8-47d5740fa19b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-46235", "type": "seen", "source": "https://t.me/cibsecurity/73245", "content": "\u203c CVE-2023-46235 \u203c\n\nFOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, they would be parsed as HTML and displayed accordingly. Version 1.5.10.15 contains a patch. As a workaround, view logs from an external text editor rather than the dashboard.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-31T17:21:18.000000Z"}]}