Cross-site Scripting Vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder
CVE-2024-25708
4.8MEDIUM
What is CVE-2024-25708?
A stored Cross-site Scripting vulnerability exists in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.8.1 through 10.9.1. This vulnerability enables a remote, authenticated attacker to construct a specially crafted link that, when accessed, could execute arbitrary JavaScript code in the browser of an unsuspecting user. The attack requires elevated privileges to conduct successfully, making it imperative for users of the affected versions to apply security updates and mitigate potential risks associated with this flaw.
Affected Version(s)
ArcGIS Enterprise Web App Builder x86 All <= 10.9.1
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published