There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser (Self XSS). A user cannot be phished into clicking a link to execute code.
Metrics
Affected Vendors & Products
References
History
Tue, 15 Oct 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel Microsoft Microsoft windows |
|
CPEs | cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
Vendors & Products |
Linux
Linux linux Kernel Microsoft Microsoft windows |
Mon, 07 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Esri
Esri portal For Arcgis |
|
CPEs | cpe:2.3:a:esri:portal_for_arcgis:-:*:*:*:*:*:*:* | |
Vendors & Products |
Esri
Esri portal For Arcgis |
|
Metrics |
ssvc
|
Fri, 04 Oct 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser (Self XSS). A user cannot be phished into clicking a link to execute code. | |
Title | BUG-000160241 - Reflected XSS in Portal for ArcGIS | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Esri
Published: 2024-10-04T17:16:47.983Z
Updated: 2024-10-08T16:42:03.491Z
Reserved: 2024-02-09T19:08:35.888Z
Link: CVE-2024-25707
Vulnrichment
Updated: 2024-10-04T18:55:33.818Z
NVD
Status : Analyzed
Published: 2024-10-04T18:15:06.790
Modified: 2024-10-15T14:34:43.597
Link: CVE-2024-25707
Redhat
No data.