CVE-2021-29106

Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Server versions 10.8.1 and below

Description: A reflected Cross Site Scripting (XSS) vulnerability may allow a remote attacker to convince a user to click on a crafted link, potentially executing arbitrary JavaScript code in the user’s browser.

Recommendations: For Esri ArcGIS Server versions 10.8.1 and below, update to a version above 10.8.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.