cbcvebase.

Esri Portal For Arcgis Sites vulnerabilities

3 known vulnerabilities affecting esri/portal_for_arcgis_sites.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2023-25837P3HIGHCVSS 8.4≥ All, ≤ 10.92023-07-21
CVE-2023-25837 [HIGH] CWE-79 CVE-2023-25837: There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 an There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser. Exploitation requires high‑privileged authenticated acce
nvd
CVE-2023-25835P3HIGHCVSS 8.4≥ All, ≤ 11.12023-07-21
CVE-2023-25835 [HIGH] CWE-79 CVE-2023-25835: There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker with high‑privileged access to create a crafted link that is persisted within the site configuration. When accessed by a victim, the stored payload may execute arbitrary JavaScript code in the
nvd
CVE-2023-25836P4MEDIUMCVSS 5.4≥ All, ≤ 10.92023-07-21
CVE-2023-25836 [MEDIUM] CWE-79 CVE-2023-25836: There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and b There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are low.
nvd
Esri Portal For Arcgis Sites vulnerabilities | cvebase