cbcvebase.

Esri Portal For Arcgis Enterprise Sites vulnerabilities

4 known vulnerabilities affecting esri/portal_for_arcgis_enterprise_sites.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2025-55107P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.42025-08-21
CVE-2025-55107 [MEDIUM] CWE-79 CVE-2025-55107: There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this
nvd
CVE-2025-55103P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.42025-08-21
CVE-2025-55103 [MEDIUM] CWE-79 CVE-2025-55103: There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites vers There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute
nvd
CVE-2025-55106P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.42025-08-21
CVE-2025-55106 [MEDIUM] CWE-79 CVE-2025-55106: There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites vers There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute
nvd
CVE-2025-55104P4MEDIUMCVSS 4.8≥ 10.9.1, ≤ 11.42025-08-21
CVE-2025-55104 [MEDIUM] CWE-79 CVE-2025-55104: A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites whic A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute in the victim's browser.
nvd
Esri Portal For Arcgis Enterprise Sites vulnerabilities | cvebase