Vulnerability Details CVE-2022-38339
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.2%
CVSS Severity
CVSS v3 Score 9.6
References
- https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vulnerabilities
- https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/
- https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vulnerabilities
- https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/
Products affected by CVE-2022-38339
-
cpe:2.3:a:safe:fme_server:-
-
cpe:2.3:a:safe:fme_server:1.47
-
cpe:2.3:a:safe:fme_server:2.0
-
cpe:2.3:a:safe:fme_server:2.1
-
cpe:2.3:a:safe:fme_server:2.2
-
cpe:2.3:a:safe:fme_server:2.3
-
cpe:2.3:a:safe:fme_server:2000
-
cpe:2.3:a:safe:fme_server:2002
-
cpe:2.3:a:safe:fme_server:2003
-
cpe:2.3:a:safe:fme_server:2004
-
cpe:2.3:a:safe:fme_server:2005
-
cpe:2.3:a:safe:fme_server:2006
-
cpe:2.3:a:safe:fme_server:2007
-
cpe:2.3:a:safe:fme_server:2008
-
cpe:2.3:a:safe:fme_server:2009
-
cpe:2.3:a:safe:fme_server:2010
-
cpe:2.3:a:safe:fme_server:2011
-
cpe:2.3:a:safe:fme_server:2012
-
cpe:2.3:a:safe:fme_server:2013
-
cpe:2.3:a:safe:fme_server:2014
-
cpe:2.3:a:safe:fme_server:2015.0
-
cpe:2.3:a:safe:fme_server:2015.1.0
-
cpe:2.3:a:safe:fme_server:2015.1.0.1
-
cpe:2.3:a:safe:fme_server:2015.1.0.2
-
cpe:2.3:a:safe:fme_server:2015.1.0.3
-
cpe:2.3:a:safe:fme_server:2015.1.1
-
cpe:2.3:a:safe:fme_server:2015.1.2
-
cpe:2.3:a:safe:fme_server:2015.1.2.1
-
cpe:2.3:a:safe:fme_server:2015.1.3
-
cpe:2.3:a:safe:fme_server:2015.1.3.1
-
cpe:2.3:a:safe:fme_server:2015.1.3.2
-
cpe:2.3:a:safe:fme_server:2016.0
-
cpe:2.3:a:safe:fme_server:2016.0.1
-
cpe:2.3:a:safe:fme_server:2016.0.1.1
-
cpe:2.3:a:safe:fme_server:2016.0.1.2
-
cpe:2.3:a:safe:fme_server:2016.1
-
cpe:2.3:a:safe:fme_server:2016.1.0.1
-
cpe:2.3:a:safe:fme_server:2016.1.1
-
cpe:2.3:a:safe:fme_server:2016.1.2
-
cpe:2.3:a:safe:fme_server:2016.1.2.1
-
cpe:2.3:a:safe:fme_server:2016.1.3
-
cpe:2.3:a:safe:fme_server:2016.1.3.1
-
cpe:2.3:a:safe:fme_server:2016.1.3.2
-
cpe:2.3:a:safe:fme_server:2016.1.3.3
-
cpe:2.3:a:safe:fme_server:2017.0
-
cpe:2.3:a:safe:fme_server:2017.0.0.1
-
cpe:2.3:a:safe:fme_server:2017.0.0.2
-
cpe:2.3:a:safe:fme_server:2017.0.1
-
cpe:2.3:a:safe:fme_server:2017.0.1.1
-
cpe:2.3:a:safe:fme_server:2017.0.1.2
-
cpe:2.3:a:safe:fme_server:2017.1
-
cpe:2.3:a:safe:fme_server:2017.1.1
-
cpe:2.3:a:safe:fme_server:2017.1.1.1
-
cpe:2.3:a:safe:fme_server:2017.1.2
-
cpe:2.3:a:safe:fme_server:2017.1.2.1
-
cpe:2.3:a:safe:fme_server:2018.0
-
cpe:2.3:a:safe:fme_server:2018.0.0.1
-
cpe:2.3:a:safe:fme_server:2018.0.0.2
-
cpe:2.3:a:safe:fme_server:2018.0.0.3
-
cpe:2.3:a:safe:fme_server:2018.0.1
-
cpe:2.3:a:safe:fme_server:2018.0.1.1
-
cpe:2.3:a:safe:fme_server:2018.1
-
cpe:2.3:a:safe:fme_server:2018.1.0.1
-
cpe:2.3:a:safe:fme_server:2018.1.0.2
-
cpe:2.3:a:safe:fme_server:2018.1.0.3
-
cpe:2.3:a:safe:fme_server:2018.1.1
-
cpe:2.3:a:safe:fme_server:2019.0
-
cpe:2.3:a:safe:fme_server:2019.1
-
cpe:2.3:a:safe:fme_server:2019.2
-
cpe:2.3:a:safe:fme_server:2019.2.0.0
-
cpe:2.3:a:safe:fme_server:2019.2.1.0
-
cpe:2.3:a:safe:fme_server:2019.2.2.0
-
cpe:2.3:a:safe:fme_server:2019.2.3.2
-
cpe:2.3:a:safe:fme_server:2020.0
-
cpe:2.3:a:safe:fme_server:2020.0.0.1
-
cpe:2.3:a:safe:fme_server:2020.0.1.0
-
cpe:2.3:a:safe:fme_server:2020.0.2.1
-
cpe:2.3:a:safe:fme_server:2020.0.3.0
-
cpe:2.3:a:safe:fme_server:2020.1
-
cpe:2.3:a:safe:fme_server:2020.1.1.1
-
cpe:2.3:a:safe:fme_server:2020.1.2.1
-
cpe:2.3:a:safe:fme_server:2020.1.3.0
-
cpe:2.3:a:safe:fme_server:2020.2.0.0
-
cpe:2.3:a:safe:fme_server:2020.2.1.0
-
cpe:2.3:a:safe:fme_server:2020.2.2.0
-
cpe:2.3:a:safe:fme_server:2020.2.3.0
-
cpe:2.3:a:safe:fme_server:2020.2.4.0
-
cpe:2.3:a:safe:fme_server:2020.2.5.0
-
cpe:2.3:a:safe:fme_server:2021.0.0.1
-
cpe:2.3:a:safe:fme_server:2021.0.1.0
-
cpe:2.3:a:safe:fme_server:2021.2.3
-
cpe:2.3:a:safe:fme_server:2022.0.0.0
-
cpe:2.3:a:safe:fme_server:2022.0.0.2
-
cpe:2.3:a:safe:fme_server:2022.0.1