5918 matches found
CVE-2024-51953 Stored XSS in ArcGIS Server Rest services
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51951
CVE-2024-51951 describes a stored Cross-site Scripting (XSS) vulnerability in Esri ArcGIS Server. Affected versions are 10.9.1 through 11.3; an authenticated attacker with publisher privileges can craft a link that, when clicked, may execute arbitrary JavaScript in the victim’s browser. The impac...
CVE-2024-51948 Stored XSS vulnerability in Rest Services under Job ID
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51948
CVE-2024-51948 is a stored XSS vulnerability in Esri ArcGIS Server (versions 11.3 and earlier). The issue arises from a flaw where an authenticated, high-privilege user (publisher) can craft a link that, when clicked by a victim, may execute arbitrary JavaScript in the browser. Impact is describe...
CVE-2024-51946 Stored XSS in Rest Services Directory under Identify operation
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51944 Stored XSS in Rest Services Directory
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51942
CVE-2024-51942 corresponds to a stored XSS in Esri ArcGIS Server, affecting 11.3 and earlier. An authenticated attacker with publisher permissions can deliver a crafted link that may execute JavaScript in the victim’s browser. Impact is described as low for confidentiality and integrity, none for...
CVE-2024-10904
CVE-2024-10904 affects Esri ArcGIS Server (versions 10.9.1–11.3). The vulnerability is a stored Cross-site Scripting (XSS) in the Server Admin API path that allows a remote, authenticated attacker with publisher privileges to create a crafted link which, when clicked, could execute arbitrary Java...
CVE-2024-10904 Stored XSS in Server Admin API
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-5888 Stored XSS in Rest Services API for a Toolbox published as GP Service
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-5888
CVE-2024-5888 affects Esri ArcGIS Server versions 10.9.1–11.3 with a stored XSS in link handling. An authenticated user with publisher privileges can craft a link that, when clicked, may execute arbitrary JavaScript in the victim’s browser. Impact is described as Low to Confidentiality and Integr...
Esri ArcGIS Server Cross-Site Scripting Vulnerability
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A security vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create specially crafted links that, when clicked, may execute...
Esri ArcGIS Server Cross-Site Scripting Vulnerability
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server Cross-Site Scripting Vulnerability
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server Cross-Site Scripting Vulnerability
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Linux Distros Unpatched Vulnerability : CVE-2010-1585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14,...
Cross-Site Scripting (XSS)
NagVis is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to user-supplied input being reflected in responses without adequate sanitization, and attackers can exploit this by crafting malicious links that execute arbitrary JavaScript in the victim's browser when clicked, affectin...
CVE-2025-1746
Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. This vulnerability could be exploited to steal...