Medium severity5.4NVD Advisory· Published Apr 28, 2021· Updated Jun 17, 2026
CVE-2020-22790
CVE-2020-22790
Description
Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- FME/Serverdescription
- Range: 2019.2, 2020.0 Beta
Patches
Vulnerability mechanics
References
3- mexicanpentester.com/2020/04/09/vulnerabilities-in-fme-server-versions-2019-2-and-2020-0-beta-and-probably-previous-versions/nvdExploitThird Party Advisory
- community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-VulnerabilitiesnvdVendor Advisory
- community.safe.com/s/article/fme-server-2019-security-updatenvdVendor Advisory
News mentions
0No linked articles in our index yet.