Page 2 of 134 results (0.002 seconds)

CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-51954 – Unauthorized access to secure services in ArcGIS Server

https://notcve.org/view.php?id=CVE-2024-51954

03 Mar 2025 — There is an improper access control issue in ArcGIS Server versions 10.9.1 through 11.3 on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated) ArcGIS Server instance. If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software. There is an improper access control issue in ArcGIS Server vers... • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch • CWE-284: Improper Access Control •

CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-51953 – Stored XSS in ArcGIS Server Rest services

https://notcve.org/view.php?id=CVE-2024-51953

03 Mar 2025 — There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-51952 – Stored XSS issue in ArcGIS Server

https://notcve.org/view.php?id=CVE-2024-51952

03 Mar 2025 — There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-51951 – Stored XSS in Server Admin API

https://notcve.org/view.php?id=CVE-2024-51951

03 Mar 2025 — There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-51950 – Stored XSS in Server Admin under Services > lifecycleinfos

https://notcve.org/view.php?id=CVE-2024-51950

03 Mar 2025 — There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-51949 – Stored XSS vulnerability in Rest Services under OGCFeature Service and Map Service

https://notcve.org/view.php?id=CVE-2024-51949

03 Mar 2025 — There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-51948 – Stored XSS vulnerability in Rest Services under Job ID

https://notcve.org/view.php?id=CVE-2024-51948

03 Mar 2025 — There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-51947 – Stored XSS vulnerability in Rest Services under Layer name

https://notcve.org/view.php?id=CVE-2024-51947

03 Mar 2025 — There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-51946 – Stored XSS in Rest Services Directory under Identify operation

https://notcve.org/view.php?id=CVE-2024-51946

03 Mar 2025 — There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-51945 – Stored XSS issues in Server Admin API

https://notcve.org/view.php?id=CVE-2024-51945

03 Mar 2025 — There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •