CVE-2024-25690

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 11.1 and below

Description The issue allows a remote, unauthenticated attacker to create a crafted link that, when clicked, could render arbitrary HTML in the victim's browser. This is due to an HTML injection vulnerability.

Recommendations For Esri Portal for ArcGIS versions 11.1 and below, consider restricting access to potentially vulnerable links until a patch is available. As a temporary workaround, consider disabling the rendering of arbitrary HTML in the browser to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.