CVE-2025-67712 HTML injection issue in ArcGIS Web App Builder

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

CVE-2024-25708

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

CVE-2024-25708

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

CVE-2024-25700

The CVE concerns Esri Portal for ArcGIS Enterprise Web App Builder (versions 11.1 and below). A stored Cross-site Scripting (XSS) condition can arise when an attacker with high privileges creates a crafted link stored in a web map; when clicked, it could execute arbitrary JavaScript in the victim...

CVE-2024-25708

Esri Portal for ArcGIS Enterprise Web App Builder (versions 10.9.1 and below) is affected by a stored Cross-site Scripting vulnerability. The issue allows a remote, authenticated attacker to create a crafted link that, when clicked, could execute arbitrary JavaScript in the victim’s browser. The ...

CVE-2024-25708 Persistent XSS when creating new application using Web App Builder

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

PT-2024-21104 · Esri · Esri Portal For Arcgis Enterprise Web App Builder

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Web App Builder versions 10.8.1 through 10.9.1 Description: The issue is a stored Cross-site Scripting vulnerability that may allow a remote, authenticated attacker to create a crafted link which, when clicke...

PT-2024-21099 · Esri · Arcgis Enterprise Builder

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below Description: The issue is a stored Cross-site Scripting vulnerability that may allow a remote, authenticated attacker to create a crafted link stored in a web map link...