There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser.  The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.
History

Tue, 03 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 08 Oct 2024 16:45:00 +0000

Type Values Removed Values Added
Description There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser.  The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.  There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser.  The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.

cve-icon MITRE

Status: PUBLISHED

Assigner: Esri

Published: 2023-07-20T23:30:50.190Z

Updated: 2024-12-03T15:22:56.345Z

Reserved: 2023-02-15T17:59:31.097Z

Link: CVE-2023-25835

cve-icon Vulnrichment

Updated: 2024-08-02T11:32:12.618Z

cve-icon NVD

Status : Modified

Published: 2023-07-21T00:15:10.343

Modified: 2024-11-21T07:50:17.737

Link: CVE-2023-25835

cve-icon Redhat

No data.