There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 10.8.1 – 1121 that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.
References
Configurations
No configuration.
History
10 Oct 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CWE | CWE-79 | |
Summary | (en) There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 10.8.1 – 1121 that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. |
25 Apr 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
|
Summary | (en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time. | |
CWE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
19 Apr 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
04 Apr 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-04 18:15
Updated : 2024-10-10 12:57
NVD link : CVE-2024-25709
Mitre link : CVE-2024-25709
CVE.ORG link : CVE-2024-25709
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')