RSS   Vulnerabilities for 'Arcgis online'   RSS

2021-04-08
 
CVE-2021-3012

CWE-79
 

 
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI ArcGIS Online before 10.9 and Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).

 

 >>> Vendor: ESRI 16 Products
Arcinfo workstation
Arcgis
Arcpad
Arcmap
Arcgis for server
Arcgis for desktop
Arcgis for engine
Arcgis enterprise
Arcgis desktop
Arcgis pro
Arcreader
Arcgis engine
Arcgis online
Arcgis earth
Arcgis server
Portal for arcgis


Copyright 2024, cxsecurity.com

 

Back to Top