This XSS flaw may lead to an information leak, or may be exploited by hackers to conduct session hijacking or clickjacking. Vulnerable versions of FME Software can be exploited via malicious email or instant messages, or via malicious web pages. What’s worse, the latest version of FME Software, v2021.2.5, v2022.0.0.2, has a critical vulnerability in its XML parsing code that can be exploited by attackers to inject malicious scripts or install malware on a device. The impact of this vulnerability can be severe, as it can lead to cross-site scripting and cross-site request forgery attacks. As a result, an attacker may be able to steal sensitive data from users, such as login credentials, or even hijack their session and perform actions on their behalf.

Cross Site Scripting (XSS)

Cross Site Scripting is a vulnerability that enables hackers to inject malicious scripts or install malware on a device without requiring user interaction. If exploited, this vulnerability can lead to session hijacking and clickjacking attacks. Cross-site scripting vulnerabilities typically occur when an attacker can find a way to inject a malicious script into the vulnerable website’s pages.

Vulnerability details

FME Software is an electronic medical record software package that provides a framework for electronic medical records. FME is commonly used in hospitals and clinics, so many people use it for healthcare purposes. This vulnerability impacts FME’s XML parsing code, which can be exploited by attackers to inject malicious scripts into a web application or install malware on a device.
The vulnerability was discovered by security researcher Scott Tenaglia and affects versions of FME Software dating back to 2012, with the most recent version having this flaw fixed. As a result, this could have a significant impact on those who have not updated their software since the vulnerability was raised to the vendor’s attention.

FME Software XML Parsing Vulnerability

FME Software is an integrated content management system (CMS) for websites. It includes modules for managing content, design, and hosting. FME Software has a vulnerability in its XML parsing code that can lead to cross-site scripting and cross-site request forgery attacks. A skilled attacker could exploit this vulnerability to steal sensitive data from users, such as login credentials, or to hijack their session and perform actions on their behalf.

FME Software – A Web Application for Manufacturing

FME Software is an enterprise application which helps manufacturers automate some of the manual tasks that are required for manufacturing. This software can be used by a variety of industries, including automotive and aerospace manufacturing. FME Software is used in several different ways: as a web application, on tablet devices, and in the cloud.
The software is available in both Windows and Android versions, and it can also be accessed from any browser or device. With this software, users will have access to all of their data remotely, making it possible for them to work from their office or home. The product is also integrated with ERP systems like SAP and Oracle to help streamline quality assurance processes.

Timeline

Published on: 09/19/2022 22:15:00 UTC
Last modified on: 09/23/2022 18:15:00 UTC
