CVE-2021-29113

Medium

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject…

Esri·CWE-98·Published 2021-12-07

CVSS

4.7

EPSS

0.01

KEV

Exploits

cve.orgen

168 chars

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.

NVDen

168 chars

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.

Una vulnerabilidad de inclusión de archivos remotos en la documentación de ayuda de ArcGIS Server puede permitir a un atacante remoto no autenticado inyectar en una página el html suministrado por el atacante

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.0	Primary	cve.org	4.7	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
3.0	Primary	cve.org	4.7	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
3.0	Secondary	NVD	4.7	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
3.1	Primary	NVD	4.7	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N