Cross-site Scripting Vulnerability in Portal for ArcGIS
CVE-2024-25695

7.2HIGH

Key Information:

Vendor

Esri

Status
Portal For Arcgis
Vendor
CVE Published:
4 April 2024

What is CVE-2024-25695?

A vulnerability affecting Portal for ArcGIS allows for Cross-site Scripting, enabling an attacker who has authenticated access to inject malicious scripts through improperly sanitized error message inputs. This could potentially lead to unintended behavior in web applications. Security enhancements should be applied to mitigate risks associated with this vulnerability, particularly for users operating on versions up to 11.2. Regular updates and monitoring of system configurations are essential to maintaining a secure environment.

Affected Version(s)

Portal for ArcGIS Windows all <= 11.2

References

https://www.esri.com/arcgis-blog/products/arcgis-enterpri...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

.
CVE-2024-25695 : Cross-site Scripting Vulnerability in Portal for ArcGIS