CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-25840

There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileges required to execute this attack are high.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.6%

CVSS Severity

CVSS v3 Score 3.4

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/announcements/arcgis-server-security-2023-update-1-patch-available/
https://www.esri.com/arcgis-blog/products/trust-arcgis/announcements/arcgis-server-security-2023-update-1-patch-available/

Products affected by CVE-2023-25840

Esri » Arcgis Server » Version: 10.8.1

cpe:2.3:a:esri:arcgis_server:10.8.1
Esri » Arcgis Server » Version: 10.9.0

cpe:2.3:a:esri:arcgis_server:10.9.0
Esri » Arcgis Server » Version: 10.9.1

cpe:2.3:a:esri:arcgis_server:10.9.1
Esri » Arcgis Server » Version: 11.0

cpe:2.3:a:esri:arcgis_server:11.0
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-25840

Products

Pricing

Contact Us