Cross site scripting

2015-07-0815:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
arcgis_for_desktople10.2.2
arcgis_for_enginele10.2.2
arcgis_for_serverle10.2.2

Name	Operator	Version
arcgis_for_desktop	le	10.2.2
arcgis_for_engine	le	10.2.2
arcgis_for_server	le	10.2.2

References

blogs.esri.com/esri/arcgis/2014/09/04/arcgis-for-server-security-patch-10-1-sp1-qip-10-2-1-10-2-2/

support.esri.com/en/downloads/patches-servicepacks/view/productid/67/metaid/2223

www.securitytracker.com/id/1032733