Vulnerabilities > Safe > FME Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-19 CVE-2022-38339 Cross-site Scripting vulnerability in Safe FME Server
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.
network
low complexity
safe CWE-79
6.1
2022-09-13 CVE-2022-38342 XXE vulnerability in Safe FME Server
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.
network
low complexity
safe CWE-611
6.5
2021-04-28 CVE-2020-22790 Cross-site Scripting vulnerability in Safe FME Server
Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users.
network
low complexity
safe CWE-79
5.4
2021-04-28 CVE-2020-22789 Cross-site Scripting vulnerability in Safe FME Server
Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page.
network
low complexity
safe CWE-79
6.1