CVE-2024-25691

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1, 10.9.1 and 10.8.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:esri:portal_for_arcgis:10.8.1:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:10.9.1:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.1:*:*:*:*:*:*:*

History

15 Oct 2024, 14:35

Type Values Removed Values Added
First Time Esri
Esri portal For Arcgis
CPE cpe:2.3:a:esri:portal_for_arcgis:10.8.1:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:11.1:*:*:*:*:*:*:*
cpe:2.3:a:esri:portal_for_arcgis:10.9.1:*:*:*:*:*:*:*
References () https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/ - () https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/ - Vendor Advisory

07 Oct 2024, 17:48

Type Values Removed Values Added
Summary
  • (es) Hay una vulnerabilidad XSS reflejado en Esri Portal for ArcGIS versiones 11.1, 10.9.1 y 10.8.1 que puede permitir que un atacante remoto no autenticado cree un enlace manipulado que, al hacer clic, podría ejecutar código JavaScript arbitrario en el navegador de la víctima.

04 Oct 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-04 18:15

Updated : 2024-10-15 14:35


NVD link : CVE-2024-25691

Mitre link : CVE-2024-25691

CVE.ORG link : CVE-2024-25691


JSON object : View

Products Affected

esri

  • portal_for_arcgis
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')