Esri Portal For Arcgis Sites vulnerabilities
3 known vulnerabilities affecting esri/portal_for_arcgis_sites.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-25837P3HIGHCVSS 8.4≥ All, ≤ 10.92023-07-21
CVE-2023-25837 [HIGH] CWE-79 CVE-2023-25837: There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 an
There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser. Exploitation requires high‑privileged authenticated acce
nvd
CVE-2023-25835P3HIGHCVSS 8.4≥ All, ≤ 11.12023-07-21
CVE-2023-25835 [HIGH] CWE-79 CVE-2023-25835: There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions
There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker with high‑privileged access to create a crafted link that is persisted within the site configuration. When accessed by a victim, the stored payload may execute arbitrary JavaScript code in the
nvd
CVE-2023-25836P4MEDIUMCVSS 5.4≥ All, ≤ 10.92023-07-21
CVE-2023-25836 [MEDIUM] CWE-79 CVE-2023-25836: There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and b
There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are low.
nvd