PT-2022-24376 · Safe · Fme Server

Published: 2022-09-19 · Updated: 2022-11-03 · CVE-2022-38339

CVSS v3.1: 9.6 (Critical)
Vector: AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R
Name of the Vulnerable Software and Affected Versions: Safe Software FME Server versions prior to v2022.0.1.1

Description: A cross-site scripting (XSS) vulnerability in the login page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into that page. An attacker can potentially use this to steal user sessions, deface the site, or redirect users to malicious sites.

Recommendations: For versions prior to v2022.0.1.1, as a temporary workaround, consider restricting access to the login page until a patch is available. Avoid using the login functionality with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: XSS

Related Identifiers: CVE-2022-38339

Affected Products: Fme Server