Bug
There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.
| Bug ID Number | BUG-000133257 |
|---|---|
| Submitted | August 21, 2020 |
| Last Modified | May 31, 2023 |
| Applies to | ArcGIS API for JavaScript |
| Version found | 4.16 |
| Operating System | Windows OS |
| Operating System Version | 10.0 |
| Version Fixed | 3.37 |
| Status | Fixed |
Workaround
The Portal for ArcGIS Security 2022 Update 1 Patch is now live on the support site. The URL is: https://support.esri.com/en/download/7948. This is a 3 version patch for 10.7.1, 10.8.1 and 10.9.1. Refer to the Issues Addressed section of the patch download page for details on which versions were affected and resolved for this defect.
Steps to Reproduce
Bug ID: BUG-000133257
Software:
- ArcGIS API for JavaScript
Get help from ArcGIS experts
Download the Esri Support App
Discover more on this topic
Search for related information
Find training related to this topic
Explore ideas and give feedback