Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Portal_for_arcgis
(Esri)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 32 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-09 | CVE-2023-25832 | There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. | Portal_for_arcgis | 8.8 | ||
| 2023-05-10 | CVE-2023-25833 | There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). | Portal_for_arcgis | 5.4 | ||
| 2023-07-21 | CVE-2023-25835 | There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High. | Portal_for_arcgis | 4.8 | ||
| 2023-07-21 | CVE-2023-25837 | There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High. | Portal_for_arcgis | 4.8 | ||
| 2021-10-01 | CVE-2021-29109 | A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. | Portal_for_arcgis | 6.1 | ||
| 2021-10-01 | CVE-2021-29110 | Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. | Portal_for_arcgis | 5.4 | ||
| 2022-08-15 | CVE-2022-38186 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | Portal_for_arcgis | 6.1 | ||
| 2021-10-01 | CVE-2021-29108 | There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In addition patching, Esri also strongly recommends as best practice for SAML assertions to be signed and encrypted. | Portal_for_arcgis | 8.8 | ||
| 2022-12-29 | CVE-2022-38210 | There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser. | Portal_for_arcgis | 6.1 | ||
| 2023-07-21 | CVE-2023-25836 | There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are low. | Portal_for_arcgis | 5.4 |