Vulnerability Description
Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Safe | Fme Server | 2019.0 |
Related Weaknesses (CWE)
References
- https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vendor Advisory
- https://community.safe.com/s/article/fme-server-2019-security-updateVendor Advisory
- https://mexicanpentester.com/2020/04/09/vulnerabilities-in-fme-server-versions-2ExploitThird Party Advisory
- https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vendor Advisory
- https://community.safe.com/s/article/fme-server-2019-security-updateVendor Advisory
- https://mexicanpentester.com/2020/04/09/vulnerabilities-in-fme-server-versions-2ExploitThird Party Advisory
FAQ
What is CVE-2020-22790?
CVE-2020-22790 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is...
How severe is CVE-2020-22790?
CVE-2020-22790 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-22790?
Check the references section above for vendor advisories and patch information. Affected products include: Safe Fme Server.