Reflected XSS Vulnerability in Esri Portal for ArcGIS Could Allow Remote Execution of Arbitrary JavaScript Code
CVE-2024-8149

4.6MEDIUM

Key Information:

Vendor: Esri
Status: Portal For Arcgis
Vendor: CVE Published:; 4 October 2024

What is CVE-2024-8149?

A reflected cross-site scripting (XSS) vulnerability exists in Esri Portal for ArcGIS versions 11.1 and 11.2. This flaw allows a remote, unauthenticated attacker to craft a malicious link. When this link is clicked by a user, it can exploit the vulnerability, potentially executing arbitrary JavaScript code within the user's browser session. This poses significant risks, including the possibility of data theft, session hijacking, and other malicious activities due to the execution of unauthorized scripts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Portal for ArcGIS 11.1

Portal for ArcGIS 11.2

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/ad...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 4, 2024

JSON

Esri