Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-04-28T20:43:05
Updated: 2024-08-04T14:51:10.755Z
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-22789
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-04-28T21:15:08.743
Modified: 2024-11-21T05:13:25.077
Link: CVE-2020-22789
Redhat
No data.