CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-38190

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.7%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2022-38190

Esri » Portal For Arcgis » Version: N/A

cpe:2.3:a:esri:portal_for_arcgis:-
Esri » Portal For Arcgis » Version: 10.6

cpe:2.3:a:esri:portal_for_arcgis:10.6
Esri » Portal For Arcgis » Version: 10.6.1

cpe:2.3:a:esri:portal_for_arcgis:10.6.1
Esri » Portal For Arcgis » Version: 10.7.1

cpe:2.3:a:esri:portal_for_arcgis:10.7.1
Esri » Portal For Arcgis » Version: 10.8

cpe:2.3:a:esri:portal_for_arcgis:10.8
Esri » Portal For Arcgis » Version: 10.8.1

cpe:2.3:a:esri:portal_for_arcgis:10.8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-38190

Products

Pricing

Contact Us