Unrated severityNVD Advisory· Published Aug 16, 2022· Updated Apr 10, 2025
There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.
CVE-2022-38192
Description
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: All
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.