CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25709

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.1%

CVSS Severity

CVSS v3 Score 6.1

References

https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1/

Products affected by CVE-2024-25709

Esri » Portal For Arcgis » Version: 10.8.1

cpe:2.3:a:esri:portal_for_arcgis:10.8.1
Esri » Portal For Arcgis » Version: 10.9.1

cpe:2.3:a:esri:portal_for_arcgis:10.9.1
Esri » Portal For Arcgis » Version: 11.0

cpe:2.3:a:esri:portal_for_arcgis:11.0
Esri » Portal For Arcgis » Version: 11.1

cpe:2.3:a:esri:portal_for_arcgis:11.1
Esri » Portal For Arcgis » Version: 11.2

cpe:2.3:a:esri:portal_for_arcgis:11.2
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25709

Products

Pricing

Contact Us