There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.1 that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser. The privileges required to execute this attack are low.
References
Configurations
No configuration.
History
21 Nov 2024, 09:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1/ - |
08 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.1 that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser. The privileges required to execute this attack are low. |
19 Apr 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
04 Apr 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-04 18:15
Updated : 2024-11-21 09:01
NVD link : CVE-2024-25697
Mitre link : CVE-2024-25697
CVE.ORG link : CVE-2024-25697
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')