Cross-Site Scripting Vulnerabilities in ESRI ArcGIS Products
CVE-2014-9741
Currently unrated
What is CVE-2014-9741?
Multiple cross-site scripting (XSS) vulnerabilities exist in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server versions up to 10.2.2. These vulnerabilities enable remote attackers to inject arbitrary web scripts or HTML through unspecified vectors, potentially leading to unauthorized actions and data compromise. It is crucial for organizations using these products to apply the necessary security patches to mitigate these risks.
References
Timeline
Vulnerability Reserved
Vulnerability published