ArcGIS for Server 10.1 has a non-persistent cross-site scripting vulnerability.
CVE-2013-5222 Various XSS Vulnerabilities
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score 3.5
This vulnerability may be viewed as a standard entry in the Vulnerabilities and Exposures list.
Esri thanks the following for working with us to protect customers:
• Roberto Suggi Liverani of NCIA-NCIRC for reporting this vulnerability.
When certain URLs are provided, user-provided code can be inserted into ArcGIS for Server web pages.