Filtered by vendor Esri
Total 85 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-25830 1 Esri 1 Portal For Arcgis 2024-08-02 6.1 Medium
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
CVE-2023-25834 1 Esri 1 Portal For Arcgis 2024-08-02 5.4 Medium
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.
CVE-2023-25837 1 Esri 1 Portal For Arcgis 2024-08-02 8.4 High
There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability is High.
CVE-2023-25831 1 Esri 1 Portal For Arcgis 2024-08-02 6.1 Medium
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
CVE-2023-25838 1 Esri 1 Arcgis Insights 2024-08-02 7.5 High
There is a SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. Generating the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.