CVE-2020-22789

Publication date

2021-04-28 20:43:05

Family

mitre

State

PUBLISHED

Description

Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.