A moderate priority Cross Site Scripting (XSS) vulnerability has been discovered in ArcGIS Enterprise Sites Builder version 10.8.1.
This is a moderate priority issue with a CVSSv3: 6.8.
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Esri recommends all ArcGIS Enterprise administrators install this patch by using the ArcGIS Enterprise “Patch Notification” tool or by downloading the appropriate patch for your ArcGIS Enterprise site from https://support.esri.com/en/download/7836.
Be sure to subscribe to the RSS feed on the ArcGIS Trust Center for timely notifications regarding trends and issues related to security issues that impact the ArcGIS Platform.
References:
Check for and install software patches and updates
How To: Schedule Automatic Updates for ArcGIS Enterprise
Security Update Statement
- Esri Software Security and Privacy Team
Article Discussion: