7 matches found
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
CVE-2022-38205
In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data not customer-published content...
CVE-2022-38209
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser...
Esri Portal For ArcGIS 跨站脚本漏洞
Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A security vulnerability exists in Esri Portal for ArcGIS version 10.9.1 and earlier,...
CVE-2022-38198
There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser...
PT-2022-24275 · Esri · Esri Arcgis Server
Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Server services directory versions 10.9.1 and below Description: The issue is a reflected cross site scripting problem that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link, potentially...