cbcvebase.

Esri Arcgis Enterprise Web App Builder vulnerabilities

3 known vulnerabilities affecting esri/arcgis_enterprise_web_app_builder.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2024-25690P4MEDIUMCVSS 4.7≥ all, ≤ 11.12024-04-04
CVE-2024-25690 [MEDIUM] CWE-80 CVE-2024-25690: There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
nvd
CVE-2024-25702P4MEDIUMCVSS 4.8≥ all, ≤ 11.12024-10-04
CVE-2024-25702 [MEDIUM] CWE-79 CVE-2024-25702: There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites vers There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges require
nvd
CVE-2024-25708P4MEDIUMCVSS 4.8≥ All, ≤ 10.9.12024-04-04
CVE-2024-25708 [MEDIUM] CWE-79 CVE-2024-25708: There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Bu There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are
nvd
Esri Arcgis Enterprise Web App Builder vulnerabilities | cvebase