Esri Portal For Arcgis Enterprise Experience Builder vulnerabilities
2 known vulnerabilities affecting esri/portal_for_arcgis_enterprise_experience_builder.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-38036P4MEDIUMCVSS 5.4≥ all, ≤ 11.12024-10-04
CVE-2024-38036 [MEDIUM] CWE-79 CVE-2024-38036: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
nvd
CVE-2024-25701P4MEDIUMCVSS 4.8≥ all, ≤ 11.12024-10-04
CVE-2024-25701 [MEDIUM] CWE-79 CVE-2024-25701: There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which when loaded could potentially execute arbitrary JavaScript code in the victim’s browse
nvd