There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).
References
Configurations
History
No history.
Information
Published : 2023-05-10 02:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-25833
Mitre link : CVE-2023-25833
CVE.ORG link : CVE-2023-25833
JSON object : View
Products Affected
esri
- portal_for_arcgis