CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-25841

There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.8%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2023-25841

Esri » Arcgis Server » Version: 10.8.1

cpe:2.3:a:esri:arcgis_server:10.8.1
Esri » Arcgis Server » Version: 10.9.0

cpe:2.3:a:esri:arcgis_server:10.9.0
Esri » Arcgis Server » Version: 10.9.1

cpe:2.3:a:esri:arcgis_server:10.9.1
Esri » Arcgis Server » Version: 11.0

cpe:2.3:a:esri:arcgis_server:11.0
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-25841

Products

Pricing

Contact Us