Reflected Cross-Site Scripting in Esri Portal for ArcGIS
CVE-2025-57875
4.8MEDIUM
What is CVE-2025-57875?
A reflected cross-site scripting vulnerability exists in Esri Portal for ArcGIS versions 11.4 and earlier. This flaw allows a remote authenticated attacker with administrative privileges to inject a specially crafted string into a web application, enabling the execution of arbitrary JavaScript code within the user's browser. This can lead to serious security breaches, as attackers could manipulate user sessions or gain unauthorized access to sensitive data.
Affected Version(s)
Portal for ArcGIS Windows 10.9.1 <= 11.4