Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-04-04	CVE-2024-25708	Unspecified vulnerability in Esri Arcgis Enterprise 10.8.1/10.9.1 There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. network low complexity esri	4.8
2021-12-07	CVE-2021-29115	Exposure of Resource to Wrong Sphere vulnerability in Esri Arcgis Enterprise 10.6.1/10.9 An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. network low complexity esri CWE-668	5.3
2021-04-08	CVE-2021-3012	Cross-site Scripting vulnerability in Esri Arcgis Enterprise 10.6.1/10.9 A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab). network low complexity esri CWE-79	5.4
2019-09-11	CVE-2019-16193	Cross-site Scripting vulnerability in Esri Arcgis Enterprise 10.6.1 In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature. network low complexity esri CWE-79	5.4