Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated malicious user to phish a user into accessing an attacker controlled website via a crafted query parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
esri arcgis server |