CVE-2024-25705
- EPSS 0.16%
- Published 04.04.2024 18:15:12
- Last modified 13.02.2026 19:41:39
There is a cross‑site scripting (XSS) vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when...
CVE-2024-25699
- EPSS 1.62%
- Published 04.04.2024 18:15:11
- Last modified 13.02.2026 19:41:30
There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and below on Kubernetes, which under unique circumstanc...
CVE-2024-25698
- EPSS 0.41%
- Published 04.04.2024 18:15:11
- Last modified 30.01.2025 16:18:43
There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially...
CVE-2024-25697
- EPSS 0.27%
- Published 04.04.2024 18:15:11
- Last modified 10.04.2025 19:15:57
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated user's bio page will render an image in the vict...
CVE-2024-25696
- EPSS 0.18%
- Published 04.04.2024 18:15:10
- Last modified 10.04.2025 19:15:57
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. ...
CVE-2024-25695
- EPSS 0.23%
- Published 04.04.2024 18:15:10
- Last modified 10.04.2025 19:15:57
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.2 and below that may allow a remote, authenticated attacker to provide input that is not sanitized properly and is rendered in error messages. There are no privileges re...
CVE-2024-25693
- EPSS 15.25%
- Published 04.04.2024 18:15:10
- Last modified 08.01.2025 15:09:41
There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory.
CVE-2024-25692
- EPSS 0.28%
- Published 04.04.2024 18:15:09
- Last modified 10.04.2025 19:15:57
There is a cross-site request forgery vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The ...
CVE-2024-25690
- EPSS 0.24%
- Published 04.04.2024 18:15:09
- Last modified 08.01.2025 15:20:46
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
CVE-2023-25837
- EPSS 0.39%
- Published 21.07.2023 04:15:12
- Last modified 13.02.2026 19:41:24
There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arb...