25 matches found
EUVD-2025-28581
Malicious code in bioql PyPI...
EUVD-2025-28579
Malicious code in bioql PyPI...
CVE-2025-55106
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in th...
CVE-2025-55105
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in th...
CVE-2025-55107
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in th...
CVE-2025-55106
CVE-2025-55106 concerns Esri Portal for ArcGIS Enterprise Sites, affected versions 10.9.1–11.4. A stored cross-site scripting vulnerability exists where an authenticated user can inject a malicious file containing an XSS script; when the file is loaded, it may execute arbitrary JavaScript in the ...
CVE-2025-55106 BUG-000173171 ArcGIS Enterprise Sites has a Cross-site Scripting vulnerability.
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in th...
CVE-2025-55105 BUG-000177336 - ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in th...
PT-2025-34279 · Esri · Esri Portal For Arcgis Enterprise Sites
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4 Description: A stored Cross-site Scripting issue exists in Esri Portal for ArcGIS Enterprise Sites that may allow a remote, authenticated attacker to inject a malicious file...
PT-2025-34283 · Esri · Esri Portal For Arcgis Enterprise Sites
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4 Description: A stored Cross-site Scripting issue exists in Esri Portal for ArcGIS Enterprise Sites that may allow a remote, authenticated attacker to inject a malicious file...
PT-2025-34281 · Esri · Esri Portal For Arcgis Enterprise Sites
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4 Description: A stored Cross-site Scripting issue exists that may allow a remote, authenticated attacker to inject a malicious file containing an XSS script. When loaded, thi...
Esri ArcGIS Server File Inclusion Vulnerability
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A file inclusion vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by a remote, unauthenticated attacker to read internal files due to a failure...
CVE-2024-51957
CVE-2024-51957 is a Stored XSS vulnerability in Esri ArcGIS Server versions 10.9.1 through 11.3. An authenticated attacker with publisher capabilities can create a specially crafted link that, when clicked by a victim, may execute arbitrary JavaScript in the browser. Impact is described as low to...
CVE-2024-51944 Stored XSS in Rest Services Directory
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
Esri ArcGIS Server 访问控制错误漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. An Access Control Error vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which stems from improper access control and can be exploited by a remote, low-privilege...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server 跨站脚本漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...