cbcvebase.

Esri Arcgis Server vulnerabilities

68 known vulnerabilities affecting esri/arcgis_server.

Total CVEs
68
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH6MEDIUM54LOW4

Vulnerabilities

Page 3 of 4
CVE-2021-29105P4MEDIUMCVSS 5.4fixed in 10.9.0≥ All, < 10.9.02021-07-11
CVE-2021-29105 [MEDIUM] CWE-79 CVE-2021-29105: A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 1 A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory.
nvd
CVE-2021-29113P4MEDIUMCVSS 4.7≤ 10.9.0≥ 10.9, ≤ 10.9.02021-12-07
CVE-2021-29113 [MEDIUM] CWE-98 CVE-2021-29113: A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, un A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.
nvd
CVE-2026-2813P4MEDIUMCVSS 4.1v11.52026-05-20
CVE-2026-2813 [MEDIUM] CWE-601 CVE-2026-2813: ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authentica ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulting in a limited confidentiality impact under specific us
nvd
CVE-2024-51945P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51945 [MEDIUM] CWE-79 CVE-2024-51945: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-51959P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51959 [MEDIUM] CWE-79 CVE-2024-51959: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-51956P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51956 [MEDIUM] CWE-79 CVE-2024-51956: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-51944P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51944 [MEDIUM] CWE-79 CVE-2024-51944: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-51963P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51963 [MEDIUM] CWE-79 CVE-2024-51963: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and follow t There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and follow that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher
nvd
CVE-2024-51957P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51957 [MEDIUM] CWE-79 CVE-2024-51957: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-51960P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51960 [MEDIUM] CWE-79 CVE-2024-51960: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-51946P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51946 [MEDIUM] CWE-79 CVE-2024-51946: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-51952P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51952 [MEDIUM] CWE-79 CVE-2024-51952: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-10904P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-10904 [MEDIUM] CWE-79 CVE-2024-10904: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-51948P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51948 [MEDIUM] CWE-79 CVE-2024-51948: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-51950P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51950 [MEDIUM] CWE-79 CVE-2024-51950: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-51949P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51949 [MEDIUM] CWE-79 CVE-2024-51949: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-51942P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51942 [MEDIUM] CWE-79 CVE-2024-51942: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-51947P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51947 [MEDIUM] CWE-79 CVE-2024-51947: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2024-5888P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-5888 [MEDIUM] CWE-79 CVE-2024-5888: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher cap
nvd
CVE-2024-51953P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.3≥ all, ≤ 11.32025-03-03
CVE-2024-51953 [MEDIUM] CWE-79 CVE-2024-51953: There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below th There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
Esri Arcgis Server vulnerabilities | cvebase