Lucene search

K
cve[email protected]CVE-2022-38186
HistoryAug 15, 2022 - 9:15 p.m.

CVE-2022-38186

2022-08-1521:15:11
CWE-79
web.nvd.nist.gov
58
8
cve
2022
38186
esri
portal
arcgis
reflected xss
vulnerability
nvd
security
remote attacker
javascript

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.5%

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.

Affected configurations

NVD
Node
esriportal_for_arcgisRange10.8.1

CNA Affected

[
  {
    "platforms": [
      "x64"
    ],
    "product": "Portal for ArcGIS",
    "vendor": "Esri",
    "versions": [
      {
        "lessThanOrEqual": "All",
        "status": "affected",
        "version": "10.8.1",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.5%

Related for CVE-2022-38186