CVE-2021-29104: There is a stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below.
First published: Sun Jul 11 2021(Updated: )
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application.
Credit: psirt@esri.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Esri ArcGIS Server | <10.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-29104.
What is the severity level of CVE-2021-29104?
The severity level of CVE-2021-29104 is medium.
How does CVE-2021-29104 affect ArcGIS Server Manager?
CVE-2021-29104 allows a remote unauthenticated attacker to pass and store malicious strings in ArcGIS Server Manager application.
Which version of ArcGIS Server Manager is affected by CVE-2021-29104?
ArcGIS Server Manager version 10.8.1 and below are affected by CVE-2021-29104.
Is there a patch available for CVE-2021-29104?
Yes, a patch is available for CVE-2021-29104. More information can be found at the following reference: [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/)
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/esri
- canonical/esri arcgis server