Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.
Vulnerability Description
There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser. Exploitation requires high‑privileged authenticated access. Successful exploitation may allow the attacker to access sensitive session data, manipulate trusted content, and disrupt normal application functionality, resulting in a high impact to confidentiality, integrity, and availability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Esri ArcGIS Enterprise 跨站脚本漏洞
Vulnerability Description
Esri ArcGIS Enterprise是美国环境系统研究所(Esri)公司的一套GIS(地理信息系统)的基础软件系统。该系统支持制图和可视化、分析以及数据管理等。 Esri ArcGIS Enterprise 10.8.1至10.9版本存在跨站脚本漏洞,该漏洞源于于存在跨站脚本(XSS)漏洞。攻击可利用该漏洞诱导用户点击恶意链接,并在受害者浏览器中执行任意JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A