Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Portal_for_arcgis
(Esri)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 55 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-04-04 | CVE-2024-25695 | There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <= 11.2 that may allow a remote, authenticated attacker to provide input that is not sanitized properly and is rendered in error messages. The are no privileges required to execute this attack. | Portal_for_arcgis | 7.2 | ||
| 2024-04-04 | CVE-2024-25697 | There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.1 that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser. The privileges required to execute this attack are low. | Portal_for_arcgis | 5.4 | ||
| 2024-04-04 | CVE-2024-25706 | There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks. | Portal_for_arcgis | 6.1 | ||
| 2024-10-04 | CVE-2024-38036 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | Portal_for_arcgis | 5.4 | ||
| 2021-10-01 | CVE-2021-29108 | There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In addition patching, Esri also strongly recommends as best practice for SAML assertions to be signed and encrypted. | Portal_for_arcgis | N/A | ||
| 2021-10-01 | CVE-2021-29109 | A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. | Portal_for_arcgis | 6.1 | ||
| 2021-10-01 | CVE-2021-29110 | Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. | Portal_for_arcgis | 5.4 | ||
| 2022-08-15 | CVE-2022-38186 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | Portal_for_arcgis | 6.1 | ||
| 2022-08-15 | CVE-2022-38187 | Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs. | Portal_for_arcgis | 7.5 | ||
| 2022-08-15 | CVE-2022-38188 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | Portal_for_arcgis | 6.1 |