CVE-2024-51959

CVE-2024-51959

Título es
CVE-2024-51959

Lun, 03/03/2025 – 20:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-51959

Descripción en
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 10.9.1 – 11.3 that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, requiring publisher capabilities. The impact is low to both confidentiality and integrity while having no impact to availability.

03/03/2025

03/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
4.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

Enviar en el boletín
Off