CVSS 3.1 Score 6.1 of 10 (medium)


Published Jul 21, 2023
Updated: Feb 23, 2024


CVE-2023-25841 is a stored cross-site scripting (XSS) vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms. It allows a remote, unauthenticated attacker to create crafted content that, when clicked, can potentially execute arbitrary JavaScript code in the victim's browser. The recommended remediation is to disable anonymous access to ArcGIS Feature services with edit capabilities. Code executed in the victim's browser this way can lead to unauthorized access to sensitive information and potential compromise of the affected organization's systems.
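One way to check your own server for the condition the remediation targets, as an added example that is not Esri's code or part of the original page: it classifies the JSON body a feature service returns to a metadata request sent without a token. The response shapes, the set of edit capability names, the error codes and the service names are assumptions constructed for the example.

```python
import json

# Capability names treated as write access (assumed set for this example;
# confirm against your server's documentation).
EDIT_CAPABILITIES = {"create", "update", "delete", "editing"}

# Constructed sample bodies, shaped like the reply to a service metadata
# request ("?f=json") made WITHOUT a token. Service names are made up.
SAMPLE_RESPONSES = {
    "Parcels/FeatureServer":
        '{"capabilities": "Create,Delete,Query,Update,Editing"}',
    "Hydrants/FeatureServer": '{"capabilities": "Query"}',
    "Inspections/FeatureServer":
        '{"error": {"code": 499, "message": "Token Required", "details": []}}',
    "Broken/FeatureServer": "<html>proxy error</html>",
}


def classify(body: str) -> str:
    """Classify one unauthenticated metadata response."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return "unparseable"          # not JSON: inspect by hand
    if not isinstance(doc, dict):
        return "unparseable"
    if "error" in doc:
        # Assumption: 499 (token required) and 403 mean anonymous access is off.
        error = doc["error"] if isinstance(doc["error"], dict) else {}
        return "denied" if error.get("code") in (499, 403) else "error"
    caps = {c.strip().lower()
            for c in str(doc.get("capabilities", "")).split(",") if c.strip()}
    if caps & EDIT_CAPABILITIES:
        return "anonymous-editable"   # the case the remediation removes
    return "anonymous-read-only"


def services_to_lock_down(responses: dict) -> list:
    """Names of services that answer anonymously and allow edits."""
    return sorted(name for name, body in responses.items()
                  if classify(body) == "anonymous-editable")


if __name__ == "__main__":
    for name, body in SAMPLE_RESPONSES.items():
        print(f"{name}: {classify(body)}")
    print("Disable anonymous access on:", services_to_lock_down(SAMPLE_RESPONSES))
```

Services reported as `unparseable` or `error` need a manual look, since the script cannot tell whether anonymous access is enabled for them.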

