PT-2023-20339 · Esri · Esri Portal For Arcgis

Andrew Salazar

Publicado

2023-05-10

Atualizado

2024-02-01

CVE-2023-25833

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 11.0 and below

Description The issue allows a remote, authenticated attacker to create a crafted link that, when clicked, could render arbitrary HTML in the victim’s browser. This does not result in any stateful change or the rendering of customer data.

Recommendations For Esri Portal for ArcGIS versions 11.0 and below, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-80CWE-79

Identificadores relacionados

CVE-2023-25833

Produtos afetados

Esri Portal For Arcgis

PT-2023-20339 · Esri · Esri Portal For Arcgis

CVE-2023-25833

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7