4739 matches found
CVE-2024-51945
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51960 Stored XSS in ArcGIS Server Administrator Directory
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51960
CVE-2024-51960 affects Esri ArcGIS Server (versions 11.3 and earlier). The vulnerability is a stored Cross-site Scripting (XSS) in the ArcGIS Server Administrator Directory that can be exploited when a specially crafted link is created and clicked by an authenticated user with publisher privilege...
CVE-2024-51959
CVE-2024-51959 is a stored XSS vulnerability in Esri ArcGIS Server (versions 10.9.1–11.3). An authenticated attacker with publisher privileges can craft a link that, when clicked, may execute arbitrary JavaScript in the victim’s browser. Impact is described as low for confidentiality and integrit...
CVE-2024-51957
CVE-2024-51957 is a Stored XSS vulnerability in Esri ArcGIS Server versions 10.9.1 through 11.3. An authenticated attacker with publisher capabilities can create a specially crafted link that, when clicked by a victim, may execute arbitrary JavaScript in the browser. Impact is described as low to...
CVE-2024-51952
Concretely, CVE-2024-51952 affects Esri ArcGIS Server versions 10.9.1 through 11.3 with a stored Cross‑Site Scripting vulnerability that can be triggered by a malicious, crafted link. An authenticated attacker with publisher privileges could execute JavaScript in a victim’s browser, impacting con...
CVE-2024-51952 Stored XSS issue in ArcGIS Server
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51951 Stored XSS in Server Admin API
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51949 Stored XSS vulnerability in Rest Services under OGCFeature Service and Map Service
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51947 Stored XSS vulnerability in Rest Services under Layer name
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51947
ArcGIS Server (Esri) vulnerable: stored XSS in ArcGIS Server versions 11.3 and below via a crafted link, exploitable by a remote, authenticated attacker with publisher privileges. Impact is low on confidentiality and integrity; no impact to availability. Root cause: stored cross-site scripting in...
CVE-2024-51947 Stored XSS vulnerability in Rest Services under Layer name
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51946
CVE-2024-51946 is an ArcGIS Server vulnerability. Affected product: Esri ArcGIS Server versions 10.9.1 through 11.3. Threat: stored Cross-site Scripting via a crafted link that, when clicked by an authenticated user with publisher privileges, can execute arbitrary JavaScript in the victim’s brows...
CVE-2024-51945
CVE-2024-51945 describes a stored XSS in Esri ArcGIS Server (versions ≤11.3). An authenticated attacker with publisher privileges can craft a link that, when clicked by a user, may execute arbitrary JavaScript in the browser. Impact is low for confidentiality and integrity; no availability impact...
CVE-2024-51944 Stored XSS in Rest Services Directory
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51944
CVE-2024-51944 is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server (versions 10.9.1–11.3). The issue allows a remote, authenticated attacker with publisher privileges to craft a link that, when clicked, may execute arbitrary JavaScript in the victim’s browser. Impact is described...
CVE-2024-51942 Stored XSS vulnerability in Rest Admin API under Hosted Feature Services page
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-5888 Stored XSS in Rest Services API for a Toolbox published as GP Service
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-54179
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus versions 24.0.0 and 24.0.1 (and earlier unsupported) are vulnerable to cross-site scripting (CWE-79). An authenticated user can embed arbitrary JavaScript in the Web UI, potentially exposing credentials w...
Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow Advanced - CVE-2024-54179
Summary IBM Business Automation Workflow is vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID:CVE-2024-54179 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript co...