There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.
References
Configurations
History
08 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High. |
29 Jan 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High. |
30 Nov 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. |
07 Aug 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
03 Aug 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.4 |
Summary | There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result the attacker gaining full control of the Portal. |
31 Jul 2023, 15:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:* | |
First Time |
Esri
Esri portal For Arcgis |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
References | (MISC) https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/ - Vendor Advisory |
21 Jul 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-21 00:15
Updated : 2024-10-08 17:15
NVD link : CVE-2023-25835
Mitre link : CVE-2023-25835
CVE.ORG link : CVE-2023-25835
JSON object : View
Products Affected
esri
- portal_for_arcgis
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')