Описание
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileges required to execute this attack are high.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 10.8.1 (включая) до 11.1 (исключая)
Одновременно
cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00176
Низкий
3.4 Low
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 3.4
github
больше 2 лет назад
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileges required to execute this attack are high.
EPSS
Процентиль: 39%
0.00176
Низкий
3.4 Low
CVSS3
Дефекты
CWE-79