EsriCVE-2023-25837CVE-2023-25837
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
26.5%
There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target’s browser. The privileges required to execute this attack are high.
The impact to Confidentiality, Integrity and Availability are High.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| esri | portal_for_arcgis | * | cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit"
],
"product": "Portal sites",
"vendor": "Esri",
"versions": [
{
"lessThanOrEqual": "10.9",
"status": "affected",
"version": "10.8.1",
"versionType": "Portal for ArcGIS Enterprise Sites Security Patch"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
26.5%