CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-25837

There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.7%

CVSS Severity

CVSS v3 Score 8.4

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/

Products affected by CVE-2023-25837

Esri » Portal For Arcgis » Version: 10.8.1

cpe:2.3:a:esri:portal_for_arcgis:10.8.1
Esri » Portal For Arcgis » Version: 10.9

cpe:2.3:a:esri:portal_for_arcgis:10.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-25837

Products

Pricing

Contact Us