PT-2021-5163 · Esri · Esri Arcgis Server
Published 2021-09-23 · Updated 2022-03-30 · CVE-2021-29116
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Esri ArcGIS Server feature services versions 10.8.1 and 10.9
Description
The issue is a stored cross-site scripting (XSS) vulnerability. It may allow a remote, unauthenticated attacker to pass malicious strings to the feature services via crafted queries, where they are stored and later rendered, potentially executing arbitrary JavaScript code in the browser of a user who views the affected data.
Recommendations
For Esri ArcGIS Server feature services versions 10.8.1 and 10.9, consider disabling the feature services until a patch is available, so that malicious strings cannot be stored or executed. Restrict who can submit queries to the feature services to minimize the risk of exploitation. Avoid using the feature services to store or pass user-input data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
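Because no patched version is listed, the client side of the risk can be reduced by never rendering feature attributes as raw HTML. The JavaScript below is an added example, not Esri's code or part of this advisory; it assumes a web client that consumes a FeatureServer layer /query response in its standard f=json shape (a constructed sample is embedded), shows the unsafe rendering pattern beside the escaped one, and adds a triage pass that flags stored attribute values containing markup for review.

```javascript
// Added example (not Esri's code): every attribute value returned by a
// feature service must be treated as untrusted text, because the advisory
// describes attacker-controlled strings being stored and later rendered.

// Escape the five characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable pattern: raw attribute values interpolated into markup that is
// later assigned to innerHTML. Shown only to contrast with the safe version.
function renderUnsafe(feature) {
  return Object.entries(feature.attributes)
    .map(([k, v]) => `<tr><td>${k}</td><td>${v}</td></tr>`)
    .join('');
}

// Hardened: field names and values are escaped before markup is built.
function renderSafe(feature) {
  return Object.entries(feature.attributes)
    .map(([k, v]) => `<tr><td>${escapeHtml(k)}</td><td>${escapeHtml(v)}</td></tr>`)
    .join('');
}

// Defender-side triage: list records whose string attributes contain markup,
// so a service owner can review data written before access was restricted.
// Uses the response's objectIdFieldName (present in real query responses).
function findMarkupInResponse(responseJson) {
  const data = JSON.parse(responseJson);
  const idField = data.objectIdFieldName || 'OBJECTID';
  const hits = [];
  for (const feature of data.features || []) {
    for (const [name, value] of Object.entries(feature.attributes || {})) {
      if (typeof value === 'string' && /<[a-zA-Z!\/]/.test(value)) {
        hits.push({ objectId: feature.attributes[idField], field: name });
      }
    }
  }
  return hits;
}

// Constructed sample in the shape of a FeatureServer layer /query response.
const SAMPLE_RESPONSE = JSON.stringify({
  objectIdFieldName: 'OBJECTID',
  features: [
    { attributes: { OBJECTID: 1, NAME: 'Main St Bridge' } },
    { attributes: { OBJECTID: 2, NAME: '<script>alert(1)</script>' } },
  ],
});
```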
XSS
Affected Products
Esri Arcgis Server