CVE-2014-9741

2015-07-0815:00:00

mitre

www.cve.org

esri

arcgis

xss

vulnerabilities

remote attackers

web script

html

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

blogs.esri.com/esri/arcgis/2014/09/04/arcgis-for-server-security-patch-10-1-sp1-qip-10-2-1-10-2-2/

support.esri.com/en/downloads/patches-servicepacks/view/productid/67/metaid/2223

www.securitytracker.com/id/1032733