6.1
CVE-2020-22789
- EPSS 0.58%
- Veröffentlicht 28.04.2021 21:15:08
- Zuletzt bearbeitet 21.11.2024 05:13:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginUnauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Safe ≫ Fme Server Version2019.0
Safe ≫ Fme Server Version2019.1
Safe ≫ Fme Server Version2019.2 Updatebeta
Safe ≫ Fme Server Version2020.0 Updatebeta
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.68 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.