CVE-2022-38200: BUG-000142376 - Reflected Cross-Site Scripting (XSS) vulnerability in ArcGIS Server.
First published: Tue Oct 25 2022(Updated: )
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser.
Credit: psirt@esri.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Esri ArcGIS Server | =10.7.1 | |
| Esri ArcGIS Server | =10.8.1 |
Remedy
ArcGIS Server Map Service Security 2022 Update 1 Patch https://support.esri.com/en/download/8042
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-38200?
CVE-2022-38200 is a cross-site scripting vulnerability in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1.
How severe is CVE-2022-38200?
CVE-2022-38200 has a severity rating of 6.1, which is considered medium.
Which software versions are affected by CVE-2022-38200?
ArcGIS Server versions 10.8.1 and 10.7.1 are affected by CVE-2022-38200.
How can CVE-2022-38200 be exploited?
CVE-2022-38200 can be exploited by sending specifically crafted web requests that execute arbitrary JavaScript in the victim's browser.
Is there a fix available for CVE-2022-38200?
Yes, a fix for CVE-2022-38200 is available. Please refer to the official reference for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/title
- agent/remedy
- agent/severity
- agent/author
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/esri
- canonical/esri arcgis server
- version/esri arcgis server/10.7.1
- version/esri arcgis server/10.8.1