Описание
Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-22789
- https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vulnerabilities
- https://community.safe.com/s/article/fme-server-2019-security-update
- https://mexicanpentester.com/2020/04/09/vulnerabilities-in-fme-server-versions-2019-2-and-2020-0-beta-and-probably-previous-versions
Связанные уязвимости
CVSS3: 6.1
nvd
почти 5 лет назад
Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.