laptop and a wrench


Cross-site scripting (XSS) in ArcGIS Server Manager. Note This security patch addresses multiple security vulnerabilities found in ArcGIS Server. Esri recommends that all customers using ArcGIS Server 10.8.1, 10.7.1, and 10.6.1 apply this patch.

Last Published: March 2, 2021 ArcGIS GIS Server
Bug ID Number BUG-000137659
SubmittedFebruary 23, 2021
Last ModifiedSeptember 15, 2022
Applies toArcGIS GIS Server
Version found10.6.1
Operating SystemWindows OS
Operating System VersionN/A
Version Fixed10.7


The ArcGIS Server Security 2021 Update 1 Patch is now live on the support site. The URL is:

Steps to Reproduce

Bug ID: BUG-000137659


  • ArcGIS GIS Server

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic