Vulnerabilities > Esri
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-03 | CVE-2024-10904 | Cross-site Scripting vulnerability in Esri Arcgis Server 10.9.1/11.1 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 4.8 |
| 2025-03-03 | CVE-2024-51942 | Cross-site Scripting vulnerability in Esri Arcgis Server 10.9.1/11.1 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 4.8 |
| 2025-03-03 | CVE-2024-51944 | Cross-site Scripting vulnerability in Esri Arcgis Server 10.9.1/11.1 There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 4.8 |
| 2025-03-03 | CVE-2024-51954 | Improper Access Control vulnerability in Esri Arcgis Server 10.9.1/11.1 There is an improper access control issue in ArcGIS Server versions 10.9.1 through 11.3 on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated) ArcGIS Server instance. If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software. | 7.1 |
| 2025-03-03 | CVE-2024-51958 | Path Traversal vulnerability in Esri Arcgis Server 10.9.1/11.1 There is a path traversal vulnerability in ESRI ArcGIS Server versions 10.9.1 thru 11.3. | 4.9 |
| 2025-03-03 | CVE-2024-51961 | External Control of File Name or Path vulnerability in Esri Arcgis Server 10.9.1/11.1 There is a local file inclusion vulnerability in ArcGIS Server 10.9.1 thru 11.3 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server. Due to the nature of the files accessible in this vulnerability the impact to confidentiality is High there is no impact to both integrity or availability. | 7.5 |
| 2025-03-03 | CVE-2024-51962 | SQL Injection vulnerability in Esri Arcgis Server 10.9.1/11.1 A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify Column properties allowing for the execution of a SQL Injection by a remote authenticated user with elevated (non admin) privileges. There is a high impact to integrity and confidentiality and no impact to availability. | 9.6 |
| 2025-03-03 | CVE-2024-51966 | Path Traversal vulnerability in Esri Arcgis Server 10.9.1/11.1 There is a path traversal vulnerability in ESRI ArcGIS Server versions 10.9.1 thru 11.3. | 4.9 |
| 2024-10-04 | CVE-2024-25691 | Cross-site Scripting vulnerability in Esri Portal for Arcgis 10.8.1/10.9.1/11.1 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1, 10.9.1 and 10.8.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 6.1 |
| 2024-10-04 | CVE-2024-25694 | Cross-site Scripting vulnerability in Esri Portal for Arcgis 10.8.1/10.9/10.9.1 There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 10.8.1 – 10.9.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 4.8 |