CVE-2020-22790

Опубликовано: 28 апр. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs.

Ссылки

https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vulnerabilities
Vendor Advisory
https://community.safe.com/s/article/fme-server-2019-security-update
Vendor Advisory
https://mexicanpentester.com/2020/04/09/vulnerabilities-in-fme-server-versions-2019-2-and-2020-0-beta-and-probably-previous-versions/
Exploit
Third Party Advisory
https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vulnerabilities
Vendor Advisory
https://community.safe.com/s/article/fme-server-2019-security-update
Vendor Advisory
https://mexicanpentester.com/2020/04/09/vulnerabilities-in-fme-server-versions-2019-2-and-2020-0-beta-and-probably-previous-versions/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:safe:fme_server:2019.0:*:*:*:*:*:*:*

cpe:2.3:a:safe:fme_server:2019.1:*:*:*:*:*:*:*

cpe:2.3:a:safe:fme_server:2019.2:beta:*:*:*:*:*:*

cpe:2.3:a:safe:fme_server:2020.0:beta:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00519

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-q5cx-q7jp-q7h9

github

больше 3 лет назад