There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.2 and below that may allow a remote, authenticated attacker to provide input that is not sanitized properly and is rendered in error messages. The are no privileges required to execute this attack.
References
Configurations
History
10 Apr 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.2 and below that may allow a remote, authenticated attacker to provide input that is not sanitized properly and is rendered in error messages. The are no privileges required to execute this attack. |
08 Jan 2025, 14:32
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2/ - Vendor Advisory | |
| First Time |
Esri portal For Arcgis
Esri |
|
| CPE | cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:* |
Information
Published : 2024-04-04 18:15
Updated : 2025-04-10 19:15
NVD link : CVE-2024-25695
Mitre link : CVE-2024-25695
CVE.ORG link : CVE-2024-25695
JSON object : View
Products Affected
esri
- portal_for_arcgis
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')