Gustavo Silva

**Name of the Vulnerable Software and Affected Versions** Esri Portal for ArcGIS (affected versions not specified) **Description** A stored Cross Site Scripting (XSS) issue may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Esri Portal for ArcGIS (affected versions not specified) **Description** A stored Cross Site Scripting (XSS) issue may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries, potentially executing arbitrary JavaScript code in the user’s browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Anda app (affected versions not specified) **Description** The issue concerns the server API in the Anda app, which relies on hardcoded credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.