Cross-site Scripting Vulnerability in Portal for ArcGIS
CVE-2024-25695

7.2HIGH

Key Information:

Vendor: Esri
Status: Portal For Arcgis
Vendor: CVE Published:; 4 April 2024

What is CVE-2024-25695?

A vulnerability affecting Portal for ArcGIS allows for Cross-site Scripting, enabling an attacker who has authenticated access to inject malicious scripts through improperly sanitized error message inputs. This could potentially lead to unintended behavior in web applications. Security enhancements should be applied to mitigate risks associated with this vulnerability, particularly for users operating on versions up to 11.2. Regular updates and monitoring of system configurations are essential to maintaining a secure environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Portal for ArcGIS Windows all <= 11.2

References

https://www.esri.com/arcgis-blog/products/arcgis-enterpri...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2024

JSON

Esri