There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks.
References
| Link | Resource |
|---|---|
| https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2/ | Vendor Advisory |
Configurations
History
10 Apr 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks. |
08 Jan 2025, 15:42
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2/ - Vendor Advisory | |
| First Time |
Esri portal For Arcgis
Esri |
|
| CPE | cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:* | |
| CWE | CWE-79 |
Information
Published : 2024-04-04 18:15
Updated : 2025-04-10 19:15
NVD link : CVE-2024-25706
Mitre link : CVE-2024-25706
CVE.ORG link : CVE-2024-25706
JSON object : View
Products Affected
esri
- portal_for_arcgis