There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).
Metrics
Affected Vendors & Products
References
History
Tue, 15 Oct 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:* |
Mon, 07 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Esri
Esri portal For Arcgis |
|
CPEs | cpe:2.3:a:esri:portal_for_arcgis:-:*:*:*:*:*:*:* | |
Vendors & Products |
Esri
Esri portal For Arcgis |
|
Metrics |
ssvc
|
Fri, 04 Oct 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). | |
Title | BUG-000161683 - HTML injection vulnerability in Portal for ArcGIS. | |
Weaknesses | CWE-80 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Esri
Published: 2024-10-04T17:13:13.811Z
Updated: 2024-10-08T16:43:18.350Z
Reserved: 2024-06-11T21:55:47.327Z
Link: CVE-2024-38039
Vulnrichment
Updated: 2024-10-04T19:47:55.266Z
NVD
Status : Analyzed
Published: 2024-10-04T18:15:07.633
Modified: 2024-10-15T14:34:00.893
Link: CVE-2024-38039
Redhat
No data.