5.4
CVE-2020-22790
- EPSS 0.52%
- Veröffentlicht 28.04.2021 21:15:08
- Zuletzt bearbeitet 21.11.2024 05:13:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAuthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Safe ≫ Fme Server Version2019.0
Safe ≫ Fme Server Version2019.1
Safe ≫ Fme Server Version2019.2 Updatebeta
Safe ≫ Fme Server Version2020.0 Updatebeta
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.661 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.