BUG-000153659 ArcGIS Enterprise Sites has a stored XSS vulnerability
CVE-2023-25835

8.4 HIGH

Key Information:

Vendor: Esri
CVE Published: 21 July 2023

What is CVE-2023-25835?

A stored Cross-site Scripting vulnerability exists in the Esri Portal for ArcGIS Enterprise Sites, specifically versions 10.8.1 through 11.1. This flaw allows an authenticated remote attacker to craft a malicious link that, once stored in the site configuration, can execute arbitrary JavaScript code in the browser of any user who clicks the link. The successful exploitation of this vulnerability may compromise the confidentiality, integrity, and availability of the affected systems, posing significant risks to users and operations.

Affected Version(s)

Portal for ArcGIS Sites 64 bit All <= 11.1

CVSS V3.1

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
