History: Jul 10, 2021 - 2:26 p.m.

CVE-2021-29106 There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below.

2021-07-10 14:26:11
CWE-79
Esri
www.cve.org
cross site scripting
esri arcgis server
remote attacker
arbitrary javascript code

CVSS3

Score: 4.7
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

Score: 0.001
Percentile: 45.6%

A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker who is able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the user’s browser.

CNA Affected

[
  {
    "platforms": [
      "x64"
    ],
    "product": "ArcGIS Server",
    "vendor": "Esri",
    "versions": [
      {
        "lessThan": "10.9.0",
        "status": "affected",
        "version": "All",
        "versionType": "custom"
      }
    ]
  }
]
