Esri ArcGIS Server 10.8.1
Approved changes feed: RSS · Atom
cpe:2.3:a:esri:arcgis_server:10.8.1:*:*:*:*:*:*:*
part: a version: 10.8.1 update: *
| Vendor | Esri (7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82) |
|---|---|
| Product | Arcgis Server (4b5775bf-aef2-5392-b675-fe8157ab1e90) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-38200 |
vulnerable | 2026-06-03 14:47:49.446632 |
BUG-000142376 - Reflected Cross-Site Scripting (XSS) vulnerability in ArcGIS Server.
MEDIUM (6.1)
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser.
Published: 2022-10-25T16:31:44.000Z
Updated: 2025-04-10T14:56:29.402Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-29116 |
vulnerable | 2026-06-03 14:44:19.662011 |
BUG-000142180 Hosted feature services vulnerable to stored XSS
MEDIUM (6.1)
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
Published: 2021-12-07T11:00:53.382Z
Updated: 2025-04-10T14:58:53.616Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.