Lucene search
K

31 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-13019

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS0.0041EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56205

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions prior to 12.2 Description A weak password recovery mechanism for forgotten passwords allows a remote, unauthorized attacker to assume ownership of a user account by manipulating the recovery process...

9.8CVSS6.1AI score0.00234EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-56204

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions prior to 12.2 Description Esri Portal for ArcGIS on Windows, Linux, and Kubernetes contains a flaw where a critical function lacks proper authentication. This allows a remote, unauthenticated attacker to access ...

9.8CVSS6AI score0.0041EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.52 views

Esri Portal for ArcGIS 11.5 < Security 2026 Update 1 Incorrect Privilege Assignment (CVE-2026-33518)

The version of Esri Portal for ArcGIS 11.5 installed is missing Security 2026 Update 1. It is, therefore, affected by a vulnerability: - An incorrect privilege assignment vulnerability exists in Portal for ArcGIS that allows highly privileged users to create developer credentials that may grant...

9.8CVSS5.8AI score0.00295EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 9:31 p.m.4 views

EUVD-2026-24339

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials...

9.8CVSS5.8AI score0.00312EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.9 views

PT-2026-33362

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 11.4 through 12.0 Description An incorrect authorization issue exists where the system fails to correctly check permissions assigned to developer credentials. This flaw allows low-privilege users to generate...

9.8CVSS5.8AI score0.00312EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31601

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00232EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/30 6:41 p.m.9 views

CVE-2025-57876

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The...

4.8CVSS6.7AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/30 6:41 p.m.9 views

CVE-2025-57871

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...

4.8CVSS6.6AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2025/09/29 6:34 p.m.22 views

CVE-2025-57877

CVE-2025-57877 affects Esri Portal for ArcGIS

4.8CVSS6.2AI score0.00209EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/29 6:33 p.m.11 views

CVE-2025-57878 BUG-000174149 - The Portal for ArcGIS has an unvalidated redirect.

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks...

6.1CVSS0.0023EPSS
Exploits0References1
CVE
CVE
added 2025/09/29 6:33 p.m.17 views

CVE-2025-57879

The CVE-2025-57879 entry concerns Esri Portal for ArcGIS 11.4 and earlier with an unvalidated redirect vulnerability. The root cause is a URL manipulation/redirect flaw that can enable a remote, unauthenticated attacker to craft a link directing a victim to an arbitrary site, potentially aiding p...

6.1CVSS6.6AI score0.0023EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/29 6:32 p.m.3 views

CVE-2025-57876 Stored XSS vulnerability in Portal for ArcGIS

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The...

4.8CVSS6.3AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.4 views

PT-2025-39862

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 11.4 and below Description A reflected cross site scripting issue exists that could allow a remote authenticated attacker with administrative access to execute arbitrary JavaScript code in the browser by supplyi...

4.8CVSS6.3AI score0.00209EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/21 7:29 p.m.9 views

CVE-2025-55106 BUG-000173171 ArcGIS Enterprise Sites has a Cross-site Scripting vulnerability.

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in th...

4.8CVSS0.00207EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/13 12:0 a.m.8 views

The vulnerability of the Portal for ArcGIS web portal, related to the lack of measures taken to protect the structure of the web page, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Portal for ArcGIS is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created web page...

6.4CVSS5.2AI score0.00311EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/13 12:0 a.m.10 views

The vulnerability of the Portal for ArcGIS web portal, related to the lack of protective measures for the website structure, allows attackers to carry out cross-site scripting attacks and gain full control over the application.

The vulnerability of the Portal for ArcGIS is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks and gain full control over the application through a specially created web page...

5.5CVSS5.2AI score0.00273EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/13 12:0 a.m.9 views

The vulnerability of the Portal for ArcGIS web portal, related to the lack of measures taken to protect the structure of the web page, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Portal for ArcGIS is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created web page...

5.5CVSS5.2AI score0.00403EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/10/04 6:15 p.m.3 views

CVE-2024-38038

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

6.1CVSS6AI score0.00311EPSS
Exploits0References1
NCSC
NCSC
added 2024/04/05 12:0 a.m.41 views

Vulnerabilities fixed in Esri Arcgis Portal

Esri has fixed vulnerabilities in Arcgis Portal. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack, or perform a Cross-Site-Request-Forgery execution. Such attacks can lead to execution of arbitrary code in the victim's browser, or access to sensitive dat...

9.9CVSS7AI score0.01265EPSS
Exploits0
Rows per page
Query Builder