There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.0 that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to execute this attack are high.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Esri
Published: 2024-04-04T17:53:55.765Z
Updated: 2024-08-01T23:52:06.106Z
Reserved: 2024-02-09T19:07:07.976Z
Link: CVE-2024-25696
Vulnrichment
Updated: 2024-04-22T17:39:24.817Z
NVD
Status : Awaiting Analysis
Published: 2024-04-04T18:15:10.757
Modified: 2024-04-19T23:15:09.930
Link: CVE-2024-25696
Redhat
No data.