Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs.
CPE | Name | Operator | Version |
---|---|---|---|
fme_server | eq | 2020.0 beta | |
fme_server | eq | 2019.0 | |
fme_server | eq | 2019.1 | |
fme_server | eq | 2019.2 beta |