There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are low.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Esri
Published: 2023-07-21T03:41:09.485Z
Updated: 2024-08-02T11:32:12.739Z
Reserved: 2023-02-15T17:59:31.097Z
Link: CVE-2023-25836
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-21T04:15:11.917
Modified: 2023-08-07T19:33:38.560
Link: CVE-2023-25836
Redhat
No data.