CVE-2022-38210

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 10.9.1 and below

Description The issue is a reflected HTML injection that may allow a remote, unauthenticated attacker to create a crafted link. When clicked, this link could render arbitrary HTML in the victim's browser.

Recommendations For Esri Portal for ArcGIS versions 10.9.1 and below, update to a version above 10.9.1 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.