CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38039

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.0%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/

Products affected by CVE-2024-38039

Esri » Portal For Arcgis » Version: N/A

cpe:2.3:a:esri:portal_for_arcgis:-
Esri » Portal For Arcgis » Version: 10.6

cpe:2.3:a:esri:portal_for_arcgis:10.6
Esri » Portal For Arcgis » Version: 10.6.1

cpe:2.3:a:esri:portal_for_arcgis:10.6.1
Esri » Portal For Arcgis » Version: 10.7.1

cpe:2.3:a:esri:portal_for_arcgis:10.7.1
Esri » Portal For Arcgis » Version: 10.8

cpe:2.3:a:esri:portal_for_arcgis:10.8
Esri » Portal For Arcgis » Version: 10.8.1

cpe:2.3:a:esri:portal_for_arcgis:10.8.1
Esri » Portal For Arcgis » Version: 10.9

cpe:2.3:a:esri:portal_for_arcgis:10.9
Esri » Portal For Arcgis » Version: 10.9.1

cpe:2.3:a:esri:portal_for_arcgis:10.9.1
Esri » Portal For Arcgis » Version: 11.0

cpe:2.3:a:esri:portal_for_arcgis:11.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38039

Products

Pricing

Contact Us