Описание
There is a Cross Site Scripting issue in Esri ArcGIS Pro versions 3.6.0 and earlier. A local attacker could supply malicious strings into ArcGIS Pro which may execute when a specific dialog is opened. This issue is fixed in ArcGIS Pro 3.6.1.
Уязвимые конфигурации
Конфигурация 1Версия до 3.6.1 (исключая)
cpe:2.3:a:esri:arcgis_pro:*:*:*:*:*:*:*:*
EPSS
Процентиль: 0%
0.00006
Низкий
5 Medium
CVSS3
4.6 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5
github
12 дней назад
There is a Cross Site Scripting issue in Esri ArcGIS Pro versions 3.6.0 and earlier. A local attacker could supply malicious strings into ArcGIS Pro which may execute when a specific dialog is opened. This issue is fixed in ArcGIS Pro 3.6.1.
EPSS
Процентиль: 0%
0.00006
Низкий
5 Medium
CVSS3
4.6 Medium
CVSS3
Дефекты
CWE-79