Ric

**Name of the Vulnerable Software and Affected Versions** FME Server versions 2019.2 and 2020.0 Beta **Description** The issue allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The malicious script is executed when an administrator accesses the logs. **Recommendations** For FME Server version 2019.2, update to a version that contains a fix for this issue. For FME Server version 2020.0 Beta, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the login page and the logs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FME Server versions 2019.2 and 2020.0 Beta **Description** The issue allows a remote attacker to execute arbitrary web script or HTML by injecting malicious code via modifying the `name` of the users. This code is executed when an administrator accesses the logs. **Recommendations** For FME Server version 2019.2, update to a version that includes the fix for this issue. For FME Server version 2020.0 Beta, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the logs for administrators until a patch is available.