PT-2022-24277 · Esri · ArcGIS Server
Published: 2022-10-25 · Updated: 2022-10-31 · CVE-2022-38200
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ArcGIS Server versions 10.7.1 through 10.8.1
Description
A cross-site scripting issue exists in certain map service configurations, allowing specially crafted web requests to execute arbitrary JavaScript in the context of the victim's browser.
Recommendations
For ArcGIS Server version 10.7.1, update to a version that includes the fix for this issue.
For ArcGIS Server version 10.8.1, update to a version that includes the fix for this issue.
Fix
XSS
Affected Products
ArcGIS Server