CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25705

There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are low.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.5%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/the-portal-for-arcgis-security-2024-update-2-is-available-install-these-patches-at-your-earliest-opportunity-to-address-these-vulnerabilities/

Products affected by CVE-2024-25705

Esri » Portal For Arcgis » Version: N/A

cpe:2.3:a:esri:portal_for_arcgis:-
Esri » Portal For Arcgis » Version: 10.6

cpe:2.3:a:esri:portal_for_arcgis:10.6
Esri » Portal For Arcgis » Version: 10.6.1

cpe:2.3:a:esri:portal_for_arcgis:10.6.1
Esri » Portal For Arcgis » Version: 10.7.1

cpe:2.3:a:esri:portal_for_arcgis:10.7.1
Esri » Portal For Arcgis » Version: 10.8

cpe:2.3:a:esri:portal_for_arcgis:10.8
Esri » Portal For Arcgis » Version: 10.8.1

cpe:2.3:a:esri:portal_for_arcgis:10.8.1
Esri » Portal For Arcgis » Version: 10.9

cpe:2.3:a:esri:portal_for_arcgis:10.9
Esri » Portal For Arcgis » Version: 10.9.1

cpe:2.3:a:esri:portal_for_arcgis:10.9.1
Esri » Portal For Arcgis » Version: 11.0

cpe:2.3:a:esri:portal_for_arcgis:11.0
Esri » Portal For Arcgis » Version: 11.1

cpe:2.3:a:esri:portal_for_arcgis:11.1
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25705

Products

Pricing

Contact Us