RSS   Vulnerabilities for 'Arcgis enterprise'   RSS

2021-04-08
 
CVE-2021-3012

CWE-79
 

 
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI ArcGIS Online before 10.9 and Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).

 
2019-09-11
 
CVE-2019-16193

CWE-79
 

 
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.

 

 >>> Vendor: ESRI 15 Products
Arcinfo workstation
Arcgis
Arcpad
Arcmap
Arcgis for server
Arcgis for desktop
Arcgis for engine
Arcgis enterprise
Arcgis desktop
Arcgis pro
Arcreader
Arcgis engine
Arcgis online
Arcgis earth
Arcgis server


Copyright 2021, cxsecurity.com

 

Back to Top