3 matches found
CVE-2024-10904
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-10904
CVE-2024-10904 affects Esri ArcGIS Server (versions 10.9.1–11.3). The vulnerability is a stored Cross-site Scripting (XSS) in the Server Admin API path that allows a remote, authenticated attacker with publisher privileges to create a crafted link which, when clicked, could execute arbitrary Java...
CVE-2024-10904 Stored XSS in Server Admin API
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...