CVE-2020-22790

Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:safe:fme_server:2019.0:*:*:*:*:*:*:*
cpe:2.3:a:safe:fme_server:2019.1:*:*:*:*:*:*:*
cpe:2.3:a:safe:fme_server:2019.2:beta:*:*:*:*:*:*
cpe:2.3:a:safe:fme_server:2020.0:beta:*:*:*:*:*:*

Information

Published : 2021-04-28 14:15

Updated : 2021-06-17 09:58


NVD link : CVE-2020-22790

Mitre link : CVE-2020-22790


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

safe

  • fme_server