21 matches found
CVE-2026-33518
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...
EUVD-2025-31606
Malicious code in bioql PyPI...
EUVD-2025-31607
Malicious code in bioql PyPI...
EUVD-2025-31611
Malicious code in bioql PyPI...
EUVD-2025-31608
Malicious code in bioql PyPI...
CVE-2025-57878
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks...
CVE-2025-57874
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57878
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks...
CVE-2025-57878
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks...
CVE-2025-57874
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57874
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57873 BUG-000175222 - Reflected XSS vulnerability in Portal for ArcGIS.
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57875 BUG-000164122 - Reflected XSS vulnerability in Portal for ArcGIS.
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57877
CVE-2025-57877 affects Esri Portal for ArcGIS
CVE-2025-57876
CVE-2025-57876 is a stored XSS vulnerability in Esri Portal for ArcGIS 11.4 and earlier. An authenticated attacker with high privileges can inject a file containing an XSS script; when loaded, it could execute arbitrary JavaScript in the victim’s browser and potentially disclose a privileged toke...
CVE-2025-57876 Stored XSS vulnerability in Portal for ArcGIS
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The...
PT-2025-39860
Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 11.4 and below Description A reflected cross site scripting issue exists in Esri Portal for ArcGIS. A remote attacker with administrative access can potentially execute arbitrary JavaScript code in a user's...
PT-2025-39864
Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 11.4 and below Description A reflected cross site scripting issue exists in Esri Portal for ArcGIS that could allow a remote attacker with administrative access to execute arbitrary JavaScript code in a user's...
PT-2025-39863
Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 11.4 and below Description A stored Cross-site Scripting issue exists in Esri Portal for ArcGIS. A remote, authenticated attacker can inject a malicious file containing an XSS script. When loaded, this script...
PT-2024-7831 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 11.1 and below Description: The issue is related to a reflected cross-site scripting problem, where an attacker could potentially execute arbitrary JavaScript code in their own browser. This could be achieved b...