CVE-2023-25840
Affected software: ArcGIS Server 10.8.1 through 11.1. Vulnerability: Cross-site Scripting via crafted links that trigger onmouseover; an remote, authenticated attacker with high privileges could render an image in the victim’s browser. Root cause: XSS in the ArcGIS Server REST/HTML surface allowi...