CNNVD-202512-5495 Information

CNNVD ID

CNNVD-202512-5495

Related CVE

CVE-2025-67705

• CNNVD Published: 2025-12-31

Description (Chinese)

Esri ArcGIS Server是Esri公司的一个面向Web的可用于提供地理位置服务的企业级软件平台。 Esri ArcGIS Server 11.4及之前版本存在跨站脚本漏洞，该漏洞源于存储型跨站脚本问题，可能导致恶意代码在受害者浏览器环境中执行。

Description (English)

Esri ArcGIS Server is a Web-based enterprise-level software platform for Esri that can be used to provide geographical services. Esri ArcGIS Server 11.4 and previous versions had a cross-site script loophole, which stemmed from storage-type cross-site scripts and could lead to malicious code implementation in the victim browser environment.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Etherpad

Published

2025-12-31

Last Modified

2026-02-24

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-2-patch

Patch

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-2-patch