CVE-2021-29116
BUG-000142180 Hosted feature services vulnerable to stored XSS
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
Esri · ArcGIS ServerQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →