CVE-2024-25695

There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <= 11.2 that may allow a remote, authenticated attacker to provide input that is not sanitized properly and is rendered in error messages. The are no privileges required to execute this attack.
Configurations

No configuration.

History

21 Nov 2024, 09:01

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de Cross-Site Scripting en Portal for ArcGIS en versiones &lt;= 11.2 que puede permitir que un atacante remoto y autenticado proporcione entradas que no están desinfectadas adecuadamente y se muestran en mensajes de error. No se requieren privilegios para ejecutar este ataque.
References () https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2/ - () https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2/ -

04 Apr 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-04 18:15

Updated : 2024-11-21 09:01


NVD link : CVE-2024-25695

Mitre link : CVE-2024-25695

CVE.ORG link : CVE-2024-25695


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')