cvebase

Esri Portal for ArcGIS vulnerabilities

73 known vulnerabilities affecting esri/portal_for_arcgis.

Total CVEs: 73
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 14, MEDIUM 54

Vulnerabilities

Page 3 of 4
CVE-2024-38038 | P4 | MEDIUM | CVSS 6.1 | v10.7.1; v10.8.1; +2 more | 2024-10-04
CWE-79: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
nvd
CVE-2024-25691 | P4 | MEDIUM | CVSS 6.1 | v10.8.1; v10.9.1; +2 more | 2024-10-04
CWE-79: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
nvd
CVE-2024-38036 | P4 | MEDIUM | CVSS 5.4 | v10.7.1; v10.8.1; +1 more | 2024-10-04
CWE-79: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
nvd
CVE-2024-25705 | P4 | MEDIUM | CVSS 5.4 | ≤ 11.1; ≥ all, ≤ <=11.1 | 2024-04-04
CWE-79: There is a cross‑site scripting (XSS) vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser. Exploitation re
nvd
CVE-2024-25690 | P4 | MEDIUM | CVSS 4.7 | ≤ 11.1 | 2024-04-04
CWE-80: There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
nvd
CVE-2022-38209 | P4 | MEDIUM | CVSS 6.1 | ≤ 10.9.1 | 2022-12-29
CWE-79: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser.
nvd
CVE-2022-38186 | P4 | MEDIUM | CVSS 6.1 | ≤ 10.8.1; ≥ 10.8.1, ≤ All | 2022-08-15
CWE-79: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
nvd
CVE-2022-38188 | P4 | MEDIUM | CVSS 6.1 | ≤ 10.8.1; v10.9.1 | 2022-08-15
CWE-79: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
nvd
CVE-2021-29110 | P4 | MEDIUM | CVSS 5.4 | ≤ 10.9; ≥ All, ≤ 10.9 | 2021-10-01
CWE-79: Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application.
nvd
CVE-2021-29109 | P4 | MEDIUM | CVSS 6.1 | ≤ 10.9; ≥ All, ≤ 10.9 | 2021-10-01
CWE-79: A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
nvd
CVE-2022-38189 | P4 | MEDIUM | CVSS 5.4 | ≥ All, ≤ 10.8.1 | 2022-08-16
CWE-79: A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
nvd
CVE-2022-38191 | P4 | MEDIUM | CVSS 5.4 | ≤ 10.9; ≥ all, ≤ 10.8.1 | 2022-08-15
CWE-74: There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application.
nvd
CVE-2024-25697 | P4 | MEDIUM | CVSS 5.4 | ≤ 11.1; ≥ all, ≤ 11.1 | 2024-04-04
CWE-79: There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated user’s bio page will render an image in the victim’s browser. The privileges required to execute this attack are low.
nvd
CVE-2023-25836 | P4 | MEDIUM | CVSS 5.4 | ≥ 10.8.1, ≤ 10.9 | 2023-07-21
CWE-79: There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are low.
nvd
CVE-2022-38192 | P4 | MEDIUM | CVSS 5.4 | ≤ 10.8.1; ≥ All, ≤ 10.8.1 | 2022-08-16
CWE-79: A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
nvd
CVE-2022-38194 | P4 | MEDIUM | CVSS 5.5 | v10.8.1 | 2022-08-16
CWE-311: In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.
nvd
CVE-2024-25694 | P4 | MEDIUM | CVSS 4.8 | ≥ 10.8.1, ≤ 10.9.1 | 2024-10-04
CWE-79: There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The pr
nvd
CVE-2024-25702 | P4 | MEDIUM | CVSS 4.8 | ≥ 10.8.1, ≤ 11.1 | 2024-10-04
CWE-79: There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges require
nvd
CVE-2024-25701 | P4 | MEDIUM | CVSS 4.8 | ≥ 10.8.1, ≤ 11.1 | 2024-10-04
CWE-79: There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which when loaded could potentially execute arbitrary JavaScript code in the victim’s browse
nvd
CVE-2025-57876 | P4 | MEDIUM | CVSS 4.8 | v10.9.1; v11.0; +5 more | 2025-09-29
CWE-79: There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The a
nvd