Esri

Portal For Arcgis

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-57871

  • EPSS 0.21%
  • Veröffentlicht 29.09.2025 19:15:35
  • Zuletzt bearbeitet 17.10.2025 14:08:29

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the...

4.8

CVE-2025-55107

  • EPSS 0.21%
  • Veröffentlicht 21.08.2025 19:29:59
  • Zuletzt bearbeitet 05.09.2025 15:11:57

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded coul...

4.8

CVE-2025-55106

  • EPSS 0.21%
  • Veröffentlicht 21.08.2025 19:29:37
  • Zuletzt bearbeitet 05.09.2025 15:11:17

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could pote...

4.8

CVE-2025-55105

  • EPSS 0.21%
  • Veröffentlicht 21.08.2025 19:29:01
  • Zuletzt bearbeitet 05.09.2025 15:10:54

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could pote...

4.8

CVE-2025-55104

  • EPSS 0.17%
  • Veröffentlicht 21.08.2025 19:28:43
  • Zuletzt bearbeitet 05.09.2025 15:10:03

A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by a...

4.8

CVE-2025-55103

  • EPSS 0.21%
  • Veröffentlicht 21.08.2025 19:25:13
  • Zuletzt bearbeitet 05.09.2025 15:09:09

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could pote...

9.1

CVE-2025-4967

  • EPSS 0.4%
  • Veröffentlicht 29.05.2025 20:15:27
  • Zuletzt bearbeitet 15.12.2025 20:15:51

Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.

9.8

CVE-2025-2538

  • EPSS 0.54%
  • Veröffentlicht 20.03.2025 21:15:23
  • Zuletzt bearbeitet 10.12.2025 20:16:21

A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthenticated attacker to gain administrative access to the system.

4.6

CVE-2024-8149

  • EPSS 0.39%
  • Veröffentlicht 04.10.2024 18:15:08
  • Zuletzt bearbeitet 13.02.2026 19:41:27

There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially ...

6.1

CVE-2024-8148

  • EPSS 0.3%
  • Veröffentlicht 04.10.2024 18:15:08
  • Zuletzt bearbeitet 10.04.2025 19:16:00

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.