CVE-2013-7231
ESRI ArcGIS for Server 10.1 and 10.2 - Authenticated Cross-Site Scripting
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://support.esri.com/en/knowledgebase/techarticles/detail/41468
Vendor Advisory x_refsource_confirm
http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009
Scores
EPSS
0.0017
EPSS Percentile
38.1%
Details
CWE
CWE-79
Status
published
Products (2)
esri/arcgis_server
10.1
esri/arcgis_server
10.2
Published
Dec 30, 2013
Tracked Since
Feb 18, 2026