Esri Portal for ArcGIS vulnerabilities
73 known vulnerabilities affecting esri/portal_for_arcgis.
Total CVEs: 73
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 14, MEDIUM 54
Vulnerabilities
Page 4 of 4
CVE-2025-57871 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v10.9.1, v11.0 +5 more | 2025-09-29
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
nvd
CVE-2025-57873 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v10.9.1, v11.0 +5 more | 2025-09-29
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
nvd
CVE-2025-57877 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v10.9.1, v11.0 +5 more | 2025-09-29
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
nvd
CVE-2025-57875 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v10.9.1, v11.0 +5 more | 2025-09-29
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
nvd
CVE-2025-57874 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v10.9.1, v11.0 +5 more | 2025-09-29
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
nvd
CVE-2025-55107 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 10.9.1, ≤ 11.4 | 2025-08-21
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this
nvd
CVE-2025-55105 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 10.9.1, ≤ 11.4 | 2025-08-21
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute
nvd
CVE-2025-55103 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v10.9.1, v11.1 +2 more | 2025-08-21
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute
nvd
CVE-2025-55106 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 10.9.1, ≤ 11.4 | 2025-08-21
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute
nvd
CVE-2024-8149 | P4 | MEDIUM | CVSS 4.6 | CWE-79 | v11.1, v11.2 | 2024-10-04
There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser. Exploitation is limited to the same browser e
nvd
CVE-2025-55104 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 10.9.1, ≤ 11.4 | 2025-08-21
A stored cross-site scripting (XSS) vulnerability exists in ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user, attacker-supplied JavaScript may execute in the victim's browser.
nvd
CVE-2024-25696 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≤ 11.0; ≥ All, ≤ 11.0 | 2024-04-04
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to execute this attack are high.
nvd
CVE-2024-25707 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≤ 11.1; ≥ all, ≤ 11.1 | 2024-10-04
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 that allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A user cannot be phished into clicking a link to execute
nvd