There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser.  The privileges required to execute this attack are high.    The impact to Confidentiality, Integrity and Availability are High.
History

Tue, 03 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 08 Oct 2024 16:45:00 +0000

Type Values Removed Values Added
Description There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser.  The privileges required to execute this attack are high.    The impact to Confidentiality, Integrity and Availability are High. There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser.  The privileges required to execute this attack are high.    The impact to Confidentiality, Integrity and Availability are High.

cve-icon MITRE

Status: PUBLISHED

Assigner: Esri

Published: 2023-07-21T03:42:24.610Z

Updated: 2024-12-03T15:28:19.303Z

Reserved: 2023-02-15T17:59:31.097Z

Link: CVE-2023-25837

cve-icon Vulnrichment

Updated: 2024-08-02T11:32:12.409Z

cve-icon NVD

Status : Modified

Published: 2023-07-21T04:15:12.377

Modified: 2024-11-21T07:50:18.000

Link: CVE-2023-25837

cve-icon Redhat

No data.