Описание
Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
Ссылки
- Vendor Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:safe:fme_server:2019.0:*:*:*:*:*:*:*
cpe:2.3:a:safe:fme_server:2019.1:*:*:*:*:*:*:*
cpe:2.3:a:safe:fme_server:2019.2:beta:*:*:*:*:*:*
cpe:2.3:a:safe:fme_server:2020.0:beta:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00575
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
EPSS
Процентиль: 68%
0.00575
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79