Lucene search

MitreCVELIST:CVE-2022-38339

HistorySep 19, 2022 - 12:00 a.m.

CVE-2022-38339

2022-09-1900:00:00

mitre

www.cve.org

safe software fme server

xss

vulnerability

cross-site scripting

arbitrary web scripts

html

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

33.5%

JSON

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.

References

community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vulnerabilities

www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

33.5%

JSON

Related for CVELIST:CVE-2022-38339