Esri

Portal For Arcgis

71 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2023-25836

  • EPSS 0.23%
  • Veröffentlicht 21.07.2023 04:15:11
  • Zuletzt bearbeitet 23.04.2025 19:38:30

There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code i...

8.4

CVE-2023-25835

  • EPSS 0.3%
  • Veröffentlicht 21.07.2023 00:15:10
  • Zuletzt bearbeitet 13.02.2026 19:41:21

There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker with high‑privileged access to create a crafted link that is persisted within the site ...

5.4

CVE-2023-25833

  • EPSS 0.4%
  • Veröffentlicht 10.05.2023 02:15:08
  • Zuletzt bearbeitet 21.11.2024 07:50:17

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful ch...

6.1

CVE-2023-25831

  • EPSS 0.3%
  • Veröffentlicht 09.05.2023 21:15:11
  • Zuletzt bearbeitet 23.04.2025 19:38:21

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim...

8.8

CVE-2023-25832

  • EPSS 0.21%
  • Veröffentlicht 09.05.2023 21:15:11
  • Zuletzt bearbeitet 21.11.2024 07:50:17

There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.

6.1

CVE-2023-25830

  • EPSS 0.3%
  • Veröffentlicht 09.05.2023 17:15:10
  • Zuletzt bearbeitet 23.04.2025 19:30:11

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victi...

6.1

CVE-2023-25829

  • EPSS 0.62%
  • Veröffentlicht 09.05.2023 17:15:10
  • Zuletzt bearbeitet 23.04.2025 19:14:28

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

5.4

CVE-2023-25834

  • EPSS 0.15%
  • Veröffentlicht 09.05.2023 16:15:14
  • Zuletzt bearbeitet 21.11.2024 07:50:17

Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.

7.5

CVE-2022-38212

  • EPSS 0.86%
  • Veröffentlicht 29.12.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 07:16:04

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the ...

7.5

CVE-2022-38211

  • EPSS 0.94%
  • Veröffentlicht 29.12.2022 20:15:10
  • Zuletzt bearbeitet 21.11.2024 07:16:04

Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the ...