Medium
CVSS: 5.0
There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated perm…
Medium
CVSS: 6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the…
Medium
CVSS: 6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the…
Medium
CVSS: 6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the…
Medium
CVSS: 6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the…
Medium
CVSS: 5.6
ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories.
However, the serv…
Medium
CVSS: 5.6
ArcGIS Server versions 11.5 and earlier on Windows and Linux do not sufficiently validate uploaded files, enabling a remote unauthenticated attacker to upload arbitrary files to the server’s designated upload directories.
However, the serv…
Medium
CVSS: 6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the…
Medium
CVSS: 6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the…
Medium
CVSS: 6.1
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the…
Critical
CVSS: 10.0
A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS F…
Medium
CVSS: 6.1
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Medium
CVSS: 6.1
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Medium
CVSS: 4.8
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript c…
Medium
CVSS: 4.8
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execu…
Medium
CVSS: 4.8
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript c…
Medium
CVSS: 4.8
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript c…
Medium
CVSS: 4.8
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript c…
Medium
CVSS: 6.1
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Medium
CVSS: 4.8
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript c…