CVE-2021-3012
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remot
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).
MEDIUM · CVSS 5.4
EPSS 0.00138
Schedule remediation
- Public exploit or PoC is available
Sigma rules0
YARA rules0