CVE-2022-38200 MEDIUM

CVE-2022-38200: BUG-000142376 - Reflected Cross-Site Scripting (XSS) vulnerability in ArcGIS Server.

Vendor Esri
Product ArcGIS Server
Weakness CWE-79 · XSS
Published October 25, 2022
Last update April 10, 2025

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser.

Key dates

02Disclosure timeline

October 25, 2022 CVE published
April 10, 2025 Record updated