PT-2022-24269 · Esri · Esri Portal for ArcGIS
Published: 2022-08-15 · Updated: 2023-06-27 · CVE-2022-38191
CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Esri Portal for ArcGIS versions 10.9.0 and below
Description
The issue is an HTML injection problem that may allow a remote, authenticated attacker to inject HTML into some locations in the home application. This could potentially be exploited by attackers to manipulate the application's behavior or display malicious content.
Recommendations
For Esri Portal for ArcGIS versions 10.9.0 and below, consider restricting access to the home application until a patch is available. As a temporary workaround, disabling the ability to inject HTML into the application may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Special Elements Injection
XSS
Affected Products
Esri Portal for ArcGIS