There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are low.
References
Configurations
No configuration.
History
10 Oct 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
Summary | (en) There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are low. | |
References |
|
25 Apr 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
Summary | (en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time. | |
CWE |
04 Apr 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-04 18:15
Updated : 2024-10-10 12:57
NVD link : CVE-2024-25705
Mitre link : CVE-2024-25705
CVE.ORG link : CVE-2024-25705
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')