VYPR
Unrated severityNVD Advisory· Published Aug 16, 2022· Updated Apr 10, 2025

There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.

CVE-2022-38192

Description

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.