Reflected XSS Vulnerability in Esri Portal for ArcGIS
CVE-2022-38188

7.1 HIGH

Key Information:

Vendor: Esri

CVE Published: 15 August 2022

What is CVE-2022-38188?

A reflected cross-site scripting vulnerability exists in Esri's Portal for ArcGIS version 10.9.1. This flaw allows malicious actors to create specially crafted links that, when clicked by an unsuspecting user, can execute arbitrary JavaScript code in the user's browser. Successful exploitation may lead to various attacks, including data theft, session hijacking, and unauthorized actions on behalf of the user. It's crucial for organizations using this product to implement security patches and educate users about the risks associated with clicking unknown links.

Affected Version(s)

Portal for ArcGIS x64 10.9.1

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

CVSS V3.0

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
