CVE-2021-29103

Name of the Vulnerable Software and Affected Versions: ArcGIS Server versions 10.8.1 and below

Description: A reflected Cross Site Scripting (XXS) vulnerability may allow a remote attacker to convince a user to click on a crafted link, potentially executing arbitrary JavaScript code in the user’s browser.

Recommendations: For ArcGIS Server versions 10.8.1 and below, update to a version above 10.8.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.