Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-04-28T20:42:54
Updated: 2024-08-04T14:51:10.824Z
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-22790
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-04-28T21:15:08.770
Modified: 2024-11-21T05:13:25.233
Link: CVE-2020-22790
Redhat
No data.