
3237 matches found

OSV
added 2024/10/04 6:15 p.m., views: 1

CVE-2024-8149

There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...

CVSS: 4.6, AI score: 6.1
Exploits: 0, References: 1
NVD
added 2024/10/04 6:15 p.m., views: 24

CVE-2024-25707

There is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 that allows a remote, authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A...

CVSS: 4.8, EPSS: 0.00315
Exploits: 0, References: 1
NVD
added 2024/10/04 6:15 p.m., views: 13

CVE-2024-38036

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

CVSS: 5.4, EPSS: 0.02701
Exploits: 0, References: 1
OSV
added 2024/10/04 6:15 p.m., views: 1

CVE-2024-25691

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

CVSS: 6.1, AI score: 6
Exploits: 0, References: 1
CVE
added 2024/10/04 5:19 p.m., views: 47

CVE-2024-38038

Summary: CVE-2024-38038 is a reflected XSS in Esri Portal for ArcGIS. The vulnerability affects ArcGIS Portal versions 11.1 and can be triggered by a crafted, unauthenticated link that may execute JavaScript in the victim’s browser. The issue is documented across multiple sources (NVD/CVE records...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00398
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/10/04 5:18 p.m., views: 19

CVE-2024-25691 BUG-000165286 - Reflected XSS in Portal for ArcGIS

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

CVSS: 6.1, EPSS: 0.00398
Exploits: 0, References: 1
Vulnrichment
added 2024/10/04 5:18 p.m., views: 11

CVE-2024-25691 BUG-000165286 - Reflected XSS in Portal for ArcGIS

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00398
Exploits: 0, References: 1
CVE
added 2024/10/04 5:17 p.m., views: 53

CVE-2024-25701

CVE-2024-25701 is a stored XSS vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder, affecting versions 10.8.1–11.1 (per connected sources). An authenticated, remote attacker can craft a link stored in the Experience Builder Embed widget, which when loaded may execute arbitrary J...

CVSS: 4.8, AI score: 5.5, EPSS: 0.00275
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2024/10/04 5:16 p.m., views: 49

CVE-2024-25707

CVE-2024-25707 is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and earlier. The issue allows an authenticated user with administrative privileges to supply a crafted string that could cause arbitrary JavaScript execution in their own browser (Self XSS). The vulner...

CVSS: 4.8, AI score: 5.5, EPSS: 0.00315
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2024/10/04 5:16 p.m., views: 14

CVE-2024-25707 BUG-000160241 - Reflected XSS in Portal for ArcGIS

There is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 that allows a remote, authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A...

CVSS: 4.8, AI score: 6.5, EPSS: 0.00315
Exploits: 0, References: 1
Vulnrichment
added 2024/10/04 5:14 p.m., views: 11

CVE-2024-8149 BUG-000168624 - Unvalidated redirect in Portal for ArcGIS.

There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...

CVSS: 4.6, AI score: 6, EPSS: 0.0027
Exploits: 0, References: 1
CVE
added 2024/10/04 5:14 p.m., views: 52

CVE-2024-8149

CVE-2024-8149 describes a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2. The flaw allows a remote, authenticated attacker with low privileges to craft a link that, when clicked by a victim, could execute arbitrary JavaScript in the victim’s br...

CVSS: 4.6, AI score: 6, EPSS: 0.0027
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2024/10/04 12:0 a.m., views: 1

Esri Portal For ArcGIS cross-site scripting vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

CVSS: 6.1, AI score: 6.2, EPSS: 0.0027
Exploits: 0, References: 3
CNNVD
added 2024/10/04 12:0 a.m., views: 3

Esri Portal For ArcGIS cross-site scripting vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

CVSS: 4.8, AI score: 6.1, EPSS: 0.0023
Exploits: 0, References: 3
CNNVD
added 2024/10/04 12:0 a.m., views: 2

Esri Portal For ArcGIS cross-site scripting vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS, which can be...

CVSS: 4.8, AI score: 6.3, EPSS: 0.00315
Exploits: 0, References: 3
CNNVD
added 2024/10/04 12:0 a.m., views: 1

Esri Portal For ArcGIS cross-site scripting vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS, which can be...

CVSS: 4.8, AI score: 6.1, EPSS: 0.0023
Exploits: 0, References: 3
CNNVD
added 2024/10/04 12:0 a.m., views: 3

Esri Portal For ArcGIS cross-site scripting vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS that stems from...

CVSS: 4.8, AI score: 6.3, EPSS: 0.00275
Exploits: 0, References: 3
CNNVD
added 2024/10/04 12:0 a.m., views: 1

Esri Portal For ArcGIS cross-site scripting vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00398
Exploits: 0, References: 3
CNNVD
added 2024/10/04 12:0 a.m., views: 1

Esri Portal For ArcGIS cross-site scripting vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00398
Exploits: 0, References: 3
SUSE CVE
added 2024/10/02 3:9 a.m., views: 1

SUSE CVE-2024-9393

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

CVSS: 5.4, AI score: 6.7, EPSS: 0.00168
Exploits: 0, References: 14