Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
http://support.esri.com/en/knowledgebase/techarticles/detail/41498
http://support.esri.com/en/knowledgebase/techarticles/detail/41494