There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.
Metrics
Affected Vendors & Products
References
History
Tue, 03 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 08 Oct 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High. | There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High. |
MITRE
Status: PUBLISHED
Assigner: Esri
Published: 2023-07-20T23:30:50.190Z
Updated: 2024-12-03T15:22:56.345Z
Reserved: 2023-02-15T17:59:31.097Z
Link: CVE-2023-25835
Vulnrichment
Updated: 2024-08-02T11:32:12.618Z
NVD
Status : Modified
Published: 2023-07-21T00:15:10.343
Modified: 2024-11-21T07:50:17.737
Link: CVE-2023-25835
Redhat
No data.