216.73.217.98

CVE-2024-51948

· Published 03/03/2025 20:15 · Modified 06/03/2025 14:43

Labels: CVE-2024-51948 2025-03-03CVE-2024-51948CWE-79[email protected]

Essential information

Published
03/03/2025 20:15
Modified
06/03/2025 14:43
Author
Creator
CVSS
4.8 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
esri / arcgis server cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*

References