Shodan
Vulnerabilities
Vulnerable Software
Esri:  >> Portal For Arcgis  >> 11.3  Security Vulnerabilities
CVE-2025-55105
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-08-21
CVE-2025-55106
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-08-21
CVE-2025-55107
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-08-21
CVE-2025-4967
Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.
CVSS Score
9.1
EPSS Score
0.0
Published
2025-05-29
CVE-2025-2538
A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker to gain administrative access to the system.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-03-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved