CVE-2022-38200

A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:esri:arcgis_server:10.7.1:*:*:*:*:*:*:*
cpe:2.3:a:esri:arcgis_server:10.8.1:*:*:*:*:*:*:*

History

21 Nov 2024, 07:16

Type Values Removed Values Added
References () https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-map-service-security-2022-update-1-is-now-available - Broken Link () https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-map-service-security-2022-update-1-is-now-available - Broken Link

31 Oct 2022, 13:40

Type Values Removed Values Added
CPE cpe:2.3:a:esri:arcgis_server:10.8.1:*:*:*:*:*:*:*
cpe:2.3:a:esri:arcgis_server:10.7.1:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79
References (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-map-service-security-2022-update-1-is-now-available - (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-map-service-security-2022-update-1-is-now-available - Broken Link

25 Oct 2022, 17:37

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-25 17:15

Updated : 2024-11-21 07:16


NVD link : CVE-2022-38200

Mitre link : CVE-2022-38200

CVE.ORG link : CVE-2022-38200


JSON object : View

Products Affected

esri

  • arcgis_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')