Published: 08/04/2021 Updated: 08/04/2021

Vulnerability Summary

A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI ArcGIS Online prior to 10.9 and Enterprise prior to 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend