Cross-site Scripting Vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder
CVE-2024-25708

4.8MEDIUM

Key Information:

Vendor: Esri
Status: Arcgis Enterprise Web App Builder
Vendor: CVE Published:; 4 April 2024

What is CVE-2024-25708?

A stored Cross-site Scripting vulnerability exists in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.8.1 through 10.9.1. This vulnerability enables a remote, authenticated attacker to construct a specially crafted link that, when accessed, could execute arbitrary JavaScript code in the browser of an unsuspecting user. The attack requires elevated privileges to conduct successfully, making it imperative for users of the affected versions to apply security updates and mitigate potential risks associated with this flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ArcGIS Enterprise Web App Builder x86 All <= 10.9.1

References

https://www.esri.com/arcgis-blog/products/arcgis-enterpri...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 4, 2024

JSON

Esri