CVE-2023-25841
CVSS V2 None
CVSS V3 None
Description
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities.
Overview
- CVE ID
- CVE-2023-25841
- Assigner
- Esri
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-07-21T18:38:24.437Z
- Last Modified Date
- 2023-08-02T04:57:29.256Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-25841 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25841 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-25 17:40:55 | Added to TrackCVE |