CVE-2024-51956

CVE-2024-51956 affects Esri ArcGIS Server (versions 11.3 and earlier) with a stored XSS vulnerability in the Administrator/Server interface. A remote, authenticated attacker with publisher privileges can craft a link that, when clicked by a user, may execute arbitrary JavaScript in the victim’s b...

CVE-2024-51956 Stored XSS vulnerability in ArcGIS Server Administrator Directory

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVE-2024-51953 Stored XSS in ArcGIS Server Rest services

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVE-2024-51953 Stored XSS in ArcGIS Server Rest services

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVE-2024-51951

CVE-2024-51951 describes a stored Cross-site Scripting (XSS) vulnerability in Esri ArcGIS Server. Affected versions are 10.9.1 through 11.3; an authenticated attacker with publisher privileges can craft a link that, when clicked, may execute arbitrary JavaScript in the victim’s browser. The impac...

CVE-2024-51948 Stored XSS vulnerability in Rest Services under Job ID

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVE-2024-51948

CVE-2024-51948 is a stored XSS vulnerability in Esri ArcGIS Server (versions 11.3 and earlier). The issue arises from a flaw where an authenticated, high-privilege user (publisher) can craft a link that, when clicked by a victim, may execute arbitrary JavaScript in the browser. Impact is describe...

CVE-2024-51948 Stored XSS vulnerability in Rest Services under Job ID

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVE-2024-51946 Stored XSS in Rest Services Directory under Identify operation

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVE-2024-51944 Stored XSS in Rest Services Directory

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVE-2024-51942

CVE-2024-51942 corresponds to a stored XSS in Esri ArcGIS Server, affecting 11.3 and earlier. An authenticated attacker with publisher permissions can deliver a crafted link that may execute JavaScript in the victim’s browser. Impact is described as low for confidentiality and integrity, none for...

CVE-2024-10904 Stored XSS in Server Admin API

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVE-2024-10904 Stored XSS in Server Admin API

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVE-2024-10904

CVE-2024-10904 affects Esri ArcGIS Server (versions 10.9.1–11.3). The vulnerability is a stored Cross-site Scripting (XSS) in the Server Admin API path that allows a remote, authenticated attacker with publisher privileges to create a crafted link which, when clicked, could execute arbitrary Java...

CVE-2024-5888 Stored XSS in Rest Services API for a Toolbox published as GP Service

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

CVE-2024-5888

CVE-2024-5888 affects Esri ArcGIS Server versions 10.9.1–11.3 with a stored XSS in link handling. An authenticated user with publisher privileges can craft a link that, when clicked, may execute arbitrary JavaScript in the victim’s browser. Impact is described as Low to Confidentiality and Integr...

Esri ArcGIS Server 跨站脚本漏洞

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...

Esri ArcGIS Server 跨站脚本漏洞

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A security vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create specially crafted links that, when clicked, may execute...

Esri ArcGIS Server 跨站脚本漏洞

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...

Esri ArcGIS Server 跨站脚本漏洞

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...