Vulnerability Description
Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Safe | Fme Server | 2019.0 |
Related Weaknesses (CWE)
References
- https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vendor Advisory
- https://community.safe.com/s/article/fme-server-2019-security-updateVendor Advisory
- https://mexicanpentester.com/2020/04/09/vulnerabilities-in-fme-server-versions-2ExploitThird Party Advisory
- https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vendor Advisory
- https://community.safe.com/s/article/fme-server-2019-security-updateVendor Advisory
- https://mexicanpentester.com/2020/04/09/vulnerabilities-in-fme-server-versions-2ExploitThird Party Advisory
FAQ
What is CVE-2020-22789?
CVE-2020-22789 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is exec...
How severe is CVE-2020-22789?
CVE-2020-22789 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-22789?
Check the references section above for vendor advisories and patch information. Affected products include: Safe Fme Server.