There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are low.
References
Configurations
History
07 Aug 2023, 19:33
Type | Values Removed | Values Added |
---|---|---|
First Time |
Esri
Esri portal For Arcgis |
|
References | (MISC) https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/ - Vendor Advisory | |
CPE | cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:* |
21 Jul 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-21 04:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-25836
Mitre link : CVE-2023-25836
CVE.ORG link : CVE-2023-25836
JSON object : View
Products Affected
esri
- portal_for_arcgis
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')