Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-29115 | 1 Esri | 1 Arcgis Enterprise | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features. | |||||
CVE-2021-3012 | 1 Esri | 1 Arcgis Enterprise | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab). | |||||
CVE-2019-16193 | 1 Esri | 1 Arcgis Enterprise | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature. |