There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Esri
Published: 2023-07-20T23:30:50.190Z
Updated: 2024-08-02T11:32:12.618Z
Reserved: 2023-02-15T17:59:31.097Z
Link: CVE-2023-25835
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-07-21T00:15:10.343
Modified: 2024-01-29T22:15:08.103
Link: CVE-2023-25835
Redhat
No data.