Lucene search
K

5966 matches found

NVD
NVD
added 2025/03/03 8:15 p.m.12 views

CVE-2024-51944

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS0.00245EPSS
Exploits0References1
OSV
OSV
added 2025/03/03 8:15 p.m.6 views

CVE-2024-51944

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS6AI score0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/03 7:59 p.m.12 views

CVE-2024-51963 Stored XSS in ArcGIS Server Manager

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and follow that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges require...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 7:59 p.m.57 views

CVE-2024-51963

CVE-2024-51963 is a stored cross-site scripting vulnerability in Esri ArcGIS Server Web Platform affecting versions 10.9.1–11.3. An authenticated, high-privilege attacker (publisher) can craft a link that executes arbitrary JavaScript in a victim’s browser. Impact is described as low to confident...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/03 7:57 p.m.9 views

CVE-2024-51957 Stored XSS vulnerability in ArcGIS Rest Services Directory

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 7:53 p.m.52 views

CVE-2024-51956

CVE-2024-51956 affects Esri ArcGIS Server (versions 11.3 and earlier) with a stored XSS vulnerability in the Administrator/Server interface. A remote, authenticated attacker with publisher privileges can craft a link that, when clicked by a user, may execute arbitrary JavaScript in the victim’s b...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/03 7:53 p.m.16 views

CVE-2024-51956 Stored XSS vulnerability in ArcGIS Server Administrator Directory

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/03 7:53 p.m.12 views

CVE-2024-51953 Stored XSS in ArcGIS Server Rest services

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/03 7:53 p.m.16 views

CVE-2024-51953 Stored XSS in ArcGIS Server Rest services

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 7:52 p.m.57 views

CVE-2024-51951

CVE-2024-51951 describes a stored Cross-site Scripting (XSS) vulnerability in Esri ArcGIS Server. Affected versions are 10.9.1 through 11.3; an authenticated attacker with publisher privileges can craft a link that, when clicked, may execute arbitrary JavaScript in the victim’s browser. The impac...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/03 7:38 p.m.10 views

CVE-2024-51948 Stored XSS vulnerability in Rest Services under Job ID

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 7:38 p.m.52 views

CVE-2024-51948

CVE-2024-51948 is a stored XSS vulnerability in Esri ArcGIS Server (versions 11.3 and earlier). The issue arises from a flaw where an authenticated, high-privilege user (publisher) can craft a link that, when clicked by a victim, may execute arbitrary JavaScript in the browser. Impact is describe...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/03 7:38 p.m.7 views

CVE-2024-51948 Stored XSS vulnerability in Rest Services under Job ID

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/03 7:38 p.m.12 views

CVE-2024-51946 Stored XSS in Rest Services Directory under Identify operation

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/03 7:38 p.m.10 views

CVE-2024-51944 Stored XSS in Rest Services Directory

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 7:37 p.m.56 views

CVE-2024-51942

CVE-2024-51942 corresponds to a stored XSS in Esri ArcGIS Server, affecting 11.3 and earlier. An authenticated attacker with publisher permissions can deliver a crafted link that may execute JavaScript in the victim’s browser. Impact is described as low for confidentiality and integrity, none for...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/03/03 7:37 p.m.57 views

CVE-2024-10904

CVE-2024-10904 affects Esri ArcGIS Server (versions 10.9.1–11.3). The vulnerability is a stored Cross-site Scripting (XSS) in the Server Admin API path that allows a remote, authenticated attacker with publisher privileges to create a crafted link which, when clicked, could execute arbitrary Java...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/03 7:37 p.m.14 views

CVE-2024-10904 Stored XSS in Server Admin API

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/03 7:37 p.m.9 views

CVE-2024-10904 Stored XSS in Server Admin API

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 7:36 p.m.59 views

CVE-2024-5888

CVE-2024-5888 affects Esri ArcGIS Server versions 10.9.1–11.3 with a stored XSS in link handling. An authenticated user with publisher privileges can craft a link that, when clicked, may execute arbitrary JavaScript in the victim’s browser. Impact is described as Low to Confidentiality and Integr...

4.8CVSS5.2AI score0.00245EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder