Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote malicious user to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
safe fme server 2019.0 |
||
safe fme server 2019.1 |
||
safe fme server 2019.2 |
||
safe fme server 2020.0 |