Product:

Arcgis_server

(Esri)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 55
Date Id Summary Products Score Patch Annotated
2025-03-03 CVE-2024-51954 There is an improper access control issue in ArcGIS Server versions 10.9.1 through 11.3 on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated) ArcGIS Server instance.  If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software. Arcgis_server 7.1
2025-03-03 CVE-2024-51945 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. Arcgis_server N/A
2025-03-03 CVE-2024-51946 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. Arcgis_server N/A
2025-03-03 CVE-2024-51947 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. Arcgis_server N/A
2025-03-03 CVE-2024-51948 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. Arcgis_server N/A
2025-03-03 CVE-2024-51949 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. Arcgis_server N/A
2025-03-03 CVE-2024-51950 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. Arcgis_server N/A
2025-03-03 CVE-2024-51951 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. Arcgis_server N/A
2025-03-03 CVE-2024-51952 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. Arcgis_server N/A
2025-03-03 CVE-2024-51953 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. Arcgis_server N/A