Vulnerabilities > Esri > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-15 | CVE-2022-38191 | Cross-site Scripting vulnerability in Esri Portal for ArcGIS. There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application. | 5.4 |
2021-12-07 | CVE-2021-29113 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Esri ArcGIS Server 10.6.1/10.7.1/10.8.1. A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker-supplied HTML into a page. | 4.7 |
2021-12-07 | CVE-2021-29115 | Exposure of Resource to Wrong Sphere vulnerability in Esri ArcGIS Enterprise 10.6.1. An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allow a remote attacker to view hidden field names in feature layers. | 5.3 |
2021-12-07 | CVE-2021-29116 | Cross-site Scripting vulnerability in Esri ArcGIS Server 10.8.1/10.9.0. A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services, versions 10.8.1 and 10.9 (only), may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which, when accessed, could potentially execute arbitrary JavaScript code in the user’s browser. | 6.1 |
2021-10-01 | CVE-2021-29109 | Cross-site Scripting vulnerability in Esri Portal for ArcGIS. A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker who is able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the user’s browser. | 6.1 |
2021-10-01 | CVE-2021-29110 | Cross-site Scripting vulnerability in Esri Portal for ArcGIS. Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. | 5.4 |
2021-07-11 | CVE-2021-29103 | Cross-site Scripting vulnerability in Esri ArcGIS Server 10.6.1/10.7.1/10.8.1. A reflected Cross Site Scripting (XSS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker who is able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the user’s browser. | 6.1 |
2021-07-11 | CVE-2021-29104 | Cross-site Scripting vulnerability in Esri ArcGIS Server 10.6.1/10.7.1/10.8.1. A stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. | 6.1 |
2021-07-11 | CVE-2021-29105 | Cross-site Scripting vulnerability in Esri ArcGIS Server 10.6.1/10.7.1/10.8.1. A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory. | 5.4 |
2021-07-10 | CVE-2021-29106 | Cross-site Scripting vulnerability in Esri ArcGIS Server 10.6.1/10.7.1/10.8.1. A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker who is able to convince a user to click on a crafted link to potentially execute arbitrary JavaScript code in the user’s browser. | 6.1 |