Stored Cross Site Scripting (XSS) Vulnerability in Esri ArcGIS Server Feature Services 10.8.1 and 10.9 (Only)

Stored Cross Site Scripting (XSS) Vulnerability in Esri ArcGIS Server Feature Services 10.8.1 and 10.9 (Only)

CVE-2021-29116 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.

Learn more about our Cis Benchmark Audit For Server Software.