ArcGIS Server — Vulnerabilities & Security Advisories (54)

All 54 CVE vulnerabilities found in ArcGIS Server, with AI-generated Chinese analysis, references, and POCs.

Vendor: Esri

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-51942 | Stored XSS vulnerability in Rest Admin API under Hosted Feature Services page | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-10904 | Stored XSS in Server Admin API | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-5888 | Stored XSS in Rest Services API for a Toolbox published as GP Service | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2022-38202 | BUG-000152121 - Directory traversal vulnerability in ArcGIS Server. | CWE-23 | 7.5 | High | 2022-12-28 |
| CVE-2022-38195 | BUG-000150540 - Reflected XSS vulnerability in ArcGIS Server | CWE-79 | 6.1 | Medium | 2022-10-25 |
| CVE-2022-38196 | BUG-000150537 - ArcGIS Server has a local file inclusion (LFI) vulnerability | CWE-22 | 6.5 | Medium | 2022-10-25 |
| CVE-2022-38197 | BUG-000148347 Unvalidated redirect issues in ArcGIS Server. | CWE-601 | 6.1 | Medium | 2022-10-25 |
| CVE-2022-38198 | BUG-000146513 - Reflected XSS vulnerability in ArcGIS Server | CWE-79 | 6.1 | Medium | 2022-10-25 |
| CVE-2022-38199 | BUG-000144172 - Remote file download issue in ArcGIS Server | CWE-494 | 6.1 | Medium | 2022-10-25 |
| CVE-2022-38200 | BUG-000142376 - Reflected Cross-Site Scripting (XSS) vulnerability in ArcGIS Server. | CWE-79 | 6.1 | Medium | 2022-10-25 |
| CVE-2021-29116 | BUG-000142180 Hosted feature services vulnerable to stored XSS | CWE-79 | 6.1 | - | 2021-12-07 |
| CVE-2021-29115 | An information disclosure vulnerability | CWE-200 | 5.3 | - | 2021-12-07 |
| CVE-2021-29114 | SQL injection vulnerability in ArcGIS Server | CWE-89 | 9.8 | - | 2021-12-07 |
| CVE-2021-29113 | Remote file inclusion vulnerability in ArcGIS Server help documentation | CWE-98 | 4.7 | - | 2021-12-07 |
| CVE-2021-29104 | There is a stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below. | CWE-79 | 6.1 | - | 2021-07-11 |
| CVE-2021-29102 | There is a Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server Manager version 10.8.1 and below. | CWE-918 | 7.5 | - | 2021-07-11 |
| CVE-2021-29103 | There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below. | CWE-79 | 6.1 | - | 2021-07-11 |
| CVE-2021-29105 | There is a stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below. | CWE-79 | 5.4 | - | 2021-07-11 |
| CVE-2021-29106 | There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below. | CWE-79 | 6.1 | - | 2021-07-10 |
| CVE-2021-29107 | There is a stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below. | CWE-79 | 6.1 | - | 2021-07-10 |
| CVE-2021-29099 | There is a SQL injection vulnerability in ArcGIS Server | CWE-89 | 5.3 | - | 2021-06-07 |
| CVE-2021-29095 | ArcGIS Server image service and raster analytics security update: uninitialized pointer | CWE-824 | 6.8 | - | 2021-03-25 |
| CVE-2021-29094 | ArcGIS Server image service and raster analytics security update: buffer overflow | CWE-120 | 6.8 | - | 2021-03-25 |
| CVE-2021-29093 | ArcGIS Server image service and raster analytics security update: use-after-free | CWE-416 | 6.8 | - | 2021-03-25 |

All 54 known CVE vulnerabilities affecting ArcGIS Server with full Chinese analysis, references, and POCs where available.