Cross-Site Scripting Vulnerability Affects ArcGIS Experience Builder
CVE-2024-25705

5.4MEDIUM

Key Information:

Vendor: Esri
Status: Portal For Arcgis
Vendor: CVE Published:; 4 April 2024

What is CVE-2024-25705?

There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are low.

Affected Version(s)

Portal for ArcGIS Windows all

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/ad...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 4, 2024