Vulnerabilities (CVE)

Filtered by vendor Esri Subscribe
Filtered by product Arcgis Enterprise
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3012 1 Esri 1 Arcgis Enterprise 2024-11-21 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).
CVE-2021-29115 1 Esri 1 Arcgis Enterprise 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features.
CVE-2019-16193 1 Esri 1 Arcgis Enterprise 2024-11-21 3.5 LOW 5.4 MEDIUM
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.