PT-2023-20348 · Esri · Esri ArcGIS Server
Published: 2023-07-21 · Updated: 2024-10-08 · CVE-2023-25841
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Esri ArcGIS Server versions 10.8.1 through 11.0
Description
There is a stored Cross-site Scripting issue that may allow a remote, unauthenticated attacker to create crafted content which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser.
Recommendations
For Esri ArcGIS Server versions 10.8.1 through 11.0, disable anonymous access to ArcGIS Feature services with edit capabilities as a mitigation measure.
Fix
XSS
Affected Products
Esri ArcGIS Server