3 matches found
CVE-2023-25837
There is a Cross‑Site Scripting XSS vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser...
CVE-2023-25837 BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.
There is a Cross‑Site Scripting XSS vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser...
CVE-2023-25837
Esri ArcGIS Enterprise Sites (versions 10.9 and below) contain a Cross‑Site Scripting (XSS) vulnerability that can be triggered by a crafted link, potentially executing arbitrary JavaScript in a victim’s browser. The issue requires high‑privileged authenticated access and, if exploited, may expos...