4 matches found
CVE-2024-25700
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary...
CVE-2024-25700
The CVE concerns Esri Portal for ArcGIS Enterprise Web App Builder (versions 11.1 and below). A stored Cross-site Scripting (XSS) condition can arise when an attacker with high privileges creates a crafted link stored in a web map; when clicked, it could execute arbitrary JavaScript in the victim...
CVE-2024-25700 Persistent XSS in URL added to a shared map
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary...
CVE-2024-25700 Persistent XSS in URL added to a shared map
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary...