Cross-site Scripting Vulnerability in Portal for ArcGIS
CVE-2024-25695

7.2HIGH

Key Information:

Vendor: Esri
Status: Portal For Arcgis
Vendor: CVE Published:; 4 April 2024

What is CVE-2024-25695?

A vulnerability affecting Portal for ArcGIS allows for Cross-site Scripting, enabling an attacker who has authenticated access to inject malicious scripts through improperly sanitized error message inputs. This could potentially lead to unintended behavior in web applications. Security enhancements should be applied to mitigate risks associated with this vulnerability, particularly for users operating on versions up to 11.2. Regular updates and monitoring of system configurations are essential to maintaining a secure environment.

Affected Version(s)

Portal for ArcGIS Windows all <= 11.2

References

https://www.esri.com/arcgis-blog/products/arcgis-enterpri...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 4, 2024

Esri

What is CVE-2024-25695?

Affected Version(s)

References

CVSS V3.1

Timeline