Esri ArcGIS Server vulnerabilities
68 known vulnerabilities affecting esri/arcgis_server.
Total CVEs: 68
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
CRITICAL 4, HIGH 6, MEDIUM 54, LOW 4
Vulnerabilities
Page 4 of 4
CVE-2024-51951 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 10.9.1, ≤ 11.3; ≥ all, ≤ 11.3 | 2025-03-03
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher c
nvd
CVE-2014-5122 | P4 | MEDIUM | CVSS 5.8 | v10.1.1 | 2014-08-22
Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login.
nvd
CVE-2014-5121 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v10.1.1 | 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
nvd
CVE-2014-9741 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 10.2.2 | 2015-07-08
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-5221 | P4 | LOW | CVSS 3.5 | v10.1, v10.2 | 2013-09-24
The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.
nvd
CVE-2013-5222 | P4 | LOW | CVSS 3.5 | CWE-79 | v10.1 | 2013-12-30
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2013-7231 | P4 | LOW | CVSS 3.5 | v10.1, v10.2 | 2013-12-30
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
nvd
CVE-2023-25840 | P4 | LOW | CVSS 3.4 | CWE-79 | ≥ 10.8.1, < 11.1 | 2023-07-21
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover won't execute but could potentially render an image in the victim's browser. The privileges required to execute this attack are high.
nvd