CVE-2014-9741

Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:esri:arcgis_for_desktop:*:*:*:*:*:*:*:*
cpe:2.3:a:esri:arcgis_for_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:21

Type Values Removed Values Added
References () http://blogs.esri.com/esri/arcgis/2014/09/04/arcgis-for-server-security-patch-10-1-sp1-qip-10-2-1-10-2-2/ - Patch, Vendor Advisory () http://blogs.esri.com/esri/arcgis/2014/09/04/arcgis-for-server-security-patch-10-1-sp1-qip-10-2-1-10-2-2/ - Patch, Vendor Advisory
References () http://support.esri.com/en/downloads/patches-servicepacks/view/productid/67/metaid/2223 - Patch, Vendor Advisory () http://support.esri.com/en/downloads/patches-servicepacks/view/productid/67/metaid/2223 - Patch, Vendor Advisory
References () http://www.securitytracker.com/id/1032733 - () http://www.securitytracker.com/id/1032733 -

21 May 2024, 12:29

Type Values Removed Values Added
First Time Esri arcgis Server
CPE cpe:2.3:a:esri:arcgis_for_server:*:*:*:*:*:*:*:* cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*

Information

Published : 2015-07-08 15:59

Updated : 2024-11-21 02:21


NVD link : CVE-2014-9741

Mitre link : CVE-2014-9741

CVE.ORG link : CVE-2014-9741


JSON object : View

Products Affected

esri

  • arcgis_for_engine
  • arcgis_for_desktop
  • arcgis_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')