Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-28T20:43:05

Updated: 2024-08-04T14:51:10.755Z

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-22789

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-04-28T21:15:08.743

Modified: 2024-11-21T05:13:25.077

Link: CVE-2020-22789

cve-icon Redhat

No data.