A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated malicious user to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
esri arcgis server 10.9.0 |
||
esri arcgis server 10.8.1 |