CVE-2024-51962 SQL injection vulnerability in ArcGIS Server

A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify column properties in a manner that could lead to SQL injection when performed by a remote authenticated user requiring elevated, non‑administrative privileges. Exploitation is restricted to users with advanced...

CVE-2024-25708

Esri Portal for ArcGIS Enterprise Web App Builder (versions 10.9.1 and below) is affected by a stored Cross-site Scripting vulnerability. The issue allows a remote, authenticated attacker to create a crafted link that, when clicked, could execute arbitrary JavaScript in the victim’s browser. The ...