CVE-2022-38195 - CERT CVE
ID CVE-2022-38195
Sažetak There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
Reference
CVSS
Base: 6.1
Impact: 2.7
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW -
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Zadnje važnije ažuriranje 27-10-2022 - 13:32
Objavljeno 25-10-2022 - 17:15