CVE-2021-29107
There is a stored Cross-Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below.
In short
A flaw in ArcGIS Server Manager allows attackers to store malicious code that gets executed in other users' browsers when they access the application. This can lead to account compromise or data theft.
Technical detail
Stored XSS vulnerability in ArcGIS Server Manager ≤10.8.1 permits unauthenticated remote attackers to inject and persist malicious JavaScript via unvalidated input fields. When authenticated users view contaminated content, the payload executes in their browser context, enabling session hijacking, credential theft, or administrative actions.
Summary generated and translated by AI from the official description.
A stored Cross-Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Esri · ArcGIS Server