5966 matches found
CVE-2024-51944
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51944
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51963 Stored XSS in ArcGIS Server Manager
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and follow that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges require...
CVE-2024-51963
CVE-2024-51963 is a stored cross-site scripting vulnerability in Esri ArcGIS Server Web Platform affecting versions 10.9.1–11.3. An authenticated, high-privilege attacker (publisher) can craft a link that executes arbitrary JavaScript in a victim’s browser. Impact is described as low to confident...
CVE-2024-51957 Stored XSS vulnerability in ArcGIS Rest Services Directory
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51956
CVE-2024-51956 affects Esri ArcGIS Server (versions 11.3 and earlier) with a stored XSS vulnerability in the Administrator/Server interface. A remote, authenticated attacker with publisher privileges can craft a link that, when clicked by a user, may execute arbitrary JavaScript in the victim’s b...
CVE-2024-51956 Stored XSS vulnerability in ArcGIS Server Administrator Directory
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51953 Stored XSS in ArcGIS Server Rest services
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51953 Stored XSS in ArcGIS Server Rest services
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51951
CVE-2024-51951 describes a stored Cross-site Scripting (XSS) vulnerability in Esri ArcGIS Server. Affected versions are 10.9.1 through 11.3; an authenticated attacker with publisher privileges can craft a link that, when clicked, may execute arbitrary JavaScript in the victim’s browser. The impac...
CVE-2024-51948 Stored XSS vulnerability in Rest Services under Job ID
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51948
CVE-2024-51948 is a stored XSS vulnerability in Esri ArcGIS Server (versions 11.3 and earlier). The issue arises from a flaw where an authenticated, high-privilege user (publisher) can craft a link that, when clicked by a victim, may execute arbitrary JavaScript in the browser. Impact is describe...
CVE-2024-51948 Stored XSS vulnerability in Rest Services under Job ID
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51946 Stored XSS in Rest Services Directory under Identify operation
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51944 Stored XSS in Rest Services Directory
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51942
CVE-2024-51942 corresponds to a stored XSS in Esri ArcGIS Server, affecting 11.3 and earlier. An authenticated attacker with publisher permissions can deliver a crafted link that may execute JavaScript in the victim’s browser. Impact is described as low for confidentiality and integrity, none for...
CVE-2024-10904
CVE-2024-10904 affects Esri ArcGIS Server (versions 10.9.1–11.3). The vulnerability is a stored Cross-site Scripting (XSS) in the Server Admin API path that allows a remote, authenticated attacker with publisher privileges to create a crafted link which, when clicked, could execute arbitrary Java...
CVE-2024-10904 Stored XSS in Server Admin API
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-10904 Stored XSS in Server Admin API
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-5888
CVE-2024-5888 affects Esri ArcGIS Server versions 10.9.1–11.3 with a stored XSS in link handling. An authenticated user with publisher privileges can craft a link that, when clicked, may execute arbitrary JavaScript in the victim’s browser. Impact is described as Low to Confidentiality and Integr...