← back
CVE-2022-38200

BUG-000142376 - Reflected Cross-Site Scripting (XSS) vulnerability in ArcGIS Server.

CVSS 6.1 MEDIUMEPSS 0.3%CWE-79
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Esri · ArcGIS Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-map-service-security-2022-update-1-is-now-available