Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
CPE | Name | Operator | Version |
---|---|---|---|
fme_server | eq | 2020.0 beta | |
fme_server | eq | 2019.0 | |
fme_server | eq | 2019.1 | |
fme_server | eq | 2019.2 beta |