2 matches found
Code injection
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access...
PT-2022-24288 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.9.1 and below Description: The issue is a reflected HTML injection that may allow a remote, unauthenticated attacker to create a crafted link. When clicked, this link could render arbitrary HTML in the...