laptop and a wrench


Cross-site scripting (XSS) vulnerability with GetTokens as ArcGIS for Server 10.3.1 inputs are not consistently sanitized.

Last Published: September 30, 2015 ArcGIS for Server
Bug ID Number BUG-000090429
SubmittedAugust 31, 2015
Last ModifiedJune 2, 2021
Applies toArcGIS for Server
Version found10.3.1
Operating SystemWindows
Version Fixed10.4.0

Steps to Reproduce

Bug ID: BUG-000090429


  • ArcGIS for Server

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic