CVE-2022-38198

Name of the Vulnerable Software and Affected Versions Esri ArcGIS Server services directory versions 10.9.1 and below

Description The issue is a reflected cross site scripting problem that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link, potentially executing arbitrary JavaScript code in the victim's browser.

Recommendations For Esri ArcGIS Server services directory versions 10.9.1 and below, update to a version above 10.9.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.