Security Advisory

CVE-2021-3012

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-08 10:15:18

Last updated 2024-08-03 16:45:50

Assigner mitre

State PUBLISHED

Description

A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).

← Browse all CVEs View on cve.org ↗