CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-29116

A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.3%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-2-patch-is-now-available
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-2-patch-is-now-available

Products affected by CVE-2021-29116

Esri » Arcgis Server » Version: 10.8.1

cpe:2.3:a:esri:arcgis_server:10.8.1
Esri » Arcgis Server » Version: 10.9.0

cpe:2.3:a:esri:arcgis_server:10.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-29116

Products

Pricing

Contact Us