Esri Portal For Arcgis vulnerabilities
73 known vulnerabilities affecting esri/portal_for_arcgis.
Total CVEs
73
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH14MEDIUM54
Vulnerabilities
Page 2 of 4
CVE-2025-57879P4MEDIUMCVSS 6.1v10.9.1v11.0+5 more2025-09-29
CVE-2025-57879 [MEDIUM] CWE-601 CVE-2025-57879: There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may all
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
nvd
CVE-2025-57878P4MEDIUMCVSS 6.1v10.9.1v11.0+5 more2025-09-29
CVE-2025-57878 [MEDIUM] CWE-601 CVE-2025-57878: There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may all
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
nvd
CVE-2024-25706P4MEDIUMCVSS 6.1≤ 11.0≥ All, ≤ <=11.02024-04-04
CVE-2024-25706 [MEDIUM] CWE-94 CVE-2024-25706: There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a r
There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks.
nvd
CVE-2024-8148P4MEDIUMCVSS 6.1v10.8.1v10.9.1+3 more2024-10-04
CVE-2024-8148 [MEDIUM] CWE-601 CVE-2024-8148: There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may all
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
nvd
CVE-2024-38037P4MEDIUMCVSS 6.1v10.9.1v11.0+1 more2024-10-04
CVE-2024-38037 [MEDIUM] CWE-601 CVE-2024-38037: There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may all
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
nvd
CVE-2022-38210P4MEDIUMCVSS 6.1≤ 10.9.12022-12-29
CVE-2022-38210 [MEDIUM] CWE-80 CVE-2022-38210: There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and belo
There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
nvd
CVE-2023-25829P4MEDIUMCVSS 6.1v10.9.1v11.0+1 more2023-05-09
CVE-2023-25829 [MEDIUM] CWE-601 CVE-2023-25829: There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may all
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
nvd
CVE-2022-38208P4MEDIUMCVSS 6.1≤ 11.02022-12-29
CVE-2022-38208 [MEDIUM] CWE-601 CVE-2022-38208: There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
nvd
CVE-2023-25833P4MEDIUMCVSS 5.4≤ 11.0≥ All, ≤ 11.02023-05-10
CVE-2023-25833 [MEDIUM] CWE-80 CVE-2023-25833: There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).
nvd
CVE-2023-25834P4MEDIUMCVSS 5.4≥ 10.7.1, ≤ 10.9.1≥ all, ≤ 10.9.12023-05-09
CVE-2023-25834 [MEDIUM] CWE-269 CVE-2023-25834: Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specif
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.
nvd
CVE-2024-38039P4MEDIUMCVSS 5.4≤ 11.0v10.9.1+1 more2024-10-04
CVE-2024-38039 [MEDIUM] CWE-80 CVE-2024-38039: There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).
nvd
CVE-2023-25831P4MEDIUMCVSS 6.1v10.7.1v10.8.1+2 more2023-05-09
CVE-2023-25831 [MEDIUM] CWE-79 CVE-2023-25831: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
nvd
CVE-2022-38190P4MEDIUMCVSS 6.1≤ 10.8.1≥ all, ≤ 10.8.12022-08-15
CVE-2022-38190 [MEDIUM] CWE-79 CVE-2022-38190: A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may al
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser
nvd
CVE-2024-25692P4MEDIUMCVSS 5.4≤ 11.1≥ all, ≤ 11.02024-04-04
CVE-2024-25692 [MEDIUM] CWE-352 CVE-2024-25692: There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and belo
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity.
nvd
CVE-2023-25830P4MEDIUMCVSS 6.1v10.7.1v10.8.1+2 more2023-05-09
CVE-2023-25830 [MEDIUM] CWE-79 CVE-2023-25830: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
nvd
CVE-2022-38206P4MEDIUMCVSS 6.1≤ 10.9.12022-12-29
CVE-2022-38206 [MEDIUM] CWE-79 CVE-2022-38206: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser.
nvd
CVE-2022-38204P4MEDIUMCVSS 6.1v10.7.1v10.8.12022-12-29
CVE-2022-38204 [MEDIUM] CWE-79 CVE-2022-38204: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which ma
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
nvd
CVE-2022-38207P4MEDIUMCVSS 6.1v10.7.1v10.8.12022-12-29
CVE-2022-38207 [MEDIUM] CWE-79 CVE-2022-38207: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which ma
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser.
nvd
CVE-2024-25709P4MEDIUMCVSS 6.1v10.8.1v10.9.1+4 more2024-04-04
CVE-2024-25709 [MEDIUM] CWE-79 CVE-2024-25709: There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 a
There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScript code in a victim’s browser. Exploitation does not r
nvd
CVE-2024-25698P4MEDIUMCVSS 6.1≤ 11.1≥ all, ≤ 11.12024-04-04
CVE-2024-25698 [MEDIUM] CWE-79 CVE-2024-25698: There is a reflected cross site scripting vulnerability in the home application in Esri Portal for A
There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
nvd