Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote malicious user to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
safe fme server 2019.0 |
||
safe fme server 2019.1 |
||
safe fme server 2019.2 |
||
safe fme server 2020.0 |