Esri · Esri Portal For Arcgis · CVE-2023-25830
**Name of the Vulnerable Software and Affected Versions**
Esri Portal for ArcGIS versions 10.7.1 through 10.9.1
**Description**
The issue allows a remote, unauthenticated attacker to create a crafted link that, when clicked, could potentially execute arbitrary JavaScript code in the victim's browser. This is a result of a reflected XSS vulnerability.
**Recommendations**
For Esri Portal for ArcGIS versions 10.7.1, 10.8.1, and 10.9.1, update to a version that includes a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.