CVE-2023-25841

Summary

CVE-2023-25841 is a stored Cross-site Scripting (XSS) vulnerability affecting Esri ArcGIS Server versions 10.8.1 through 11.0 on both Windows and Linux platforms. This issue enables unauthenticated attackers to generate crafted content that, when clicked, could execute arbitrary JavaScript code in the victim's browser. To mitigate this risk, administrators are advised to disable anonymous access to ArcGIS Feature services with edit capabilities.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.