A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Esri
Published: 2021-12-06T00:00:00
Updated: 2021-12-07T11:00:53
Reserved: 2021-03-23T00:00:00
Link: CVE-2021-29116
JSON object: View
NVD Information
Status : Modified
Published: 2021-12-07T11:15:08.020
Modified: 2023-11-07T03:32:32.320
Link: CVE-2021-29116
JSON object: View
Redhat Information
No data.
CWE