Esri Arcgis Server is a Web-oriented, enterprise-class software platform for geolocation services from Esri, Inc. A cross-site scripting vulnerability exists in Esri Arcgis Server versions prior to 10.9 and Enterprise versions prior to 10.9, which can be exploited to inject malicious HTML attributes into arbitrary JavaScript code.