CVE-2023-25840
BUG-000154070 Stored XSS issue in the ArcGIS REST Services directory
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileges required to execute this attack are high.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
Productos afectados
Esri · ArcGIS Enterprise Server¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →