There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high.
The impact to Confidentiality, Integrity and Availability are High.
References
Configurations
History
10 Apr 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High. |
Information
Published : 2023-07-21 04:15
Updated : 2025-04-10 19:15
NVD link : CVE-2023-25837
Mitre link : CVE-2023-25837
CVE.ORG link : CVE-2023-25837
JSON object : View
Products Affected
esri
- portal_for_arcgis
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')