Esri · Esri Portal for ArcGIS Enterprise Sites · CVE-2025-55107
Name of the Vulnerable Software and Affected Versions:
Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4
Description:
A stored Cross-site Scripting issue exists in Esri Portal for ArcGIS Enterprise Sites that may allow a remote, authenticated attacker to inject a malicious file containing an XSS script. When loaded, this script could potentially execute arbitrary JavaScript code in the victim’s browser. Successful exploitation could disclose a privileged token, potentially granting the attacker full control of the Portal.
Recommendations:
Update Esri Portal for ArcGIS Enterprise Sites to a version later than 11.4.