There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high.
The impact to Confidentiality, Integrity and Availability are High.
Metrics
Affected Vendors & Products
References
History
Tue, 03 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 08 Oct 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High. | There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High. |
MITRE
Status: PUBLISHED
Assigner: Esri
Published: 2023-07-21T03:42:24.610Z
Updated: 2024-12-03T15:28:19.303Z
Reserved: 2023-02-15T17:59:31.097Z
Link: CVE-2023-25837
Vulnrichment
Updated: 2024-08-02T11:32:12.409Z
NVD
Status : Modified
Published: 2023-07-21T04:15:12.377
Modified: 2024-11-21T07:50:18.000
Link: CVE-2023-25837
Redhat
No data.