Esri: >> Arcgis Server >> 10.9.0 Security Vulnerabilities
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.
CVSS Score
5.6
EPSS Score
0.002
Published
2025-12-31
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.
CVSS Score
5.6
EPSS Score
0.002
Published
2025-12-31
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue.
The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-08-25
Page 1