PT-2024-21095 · Esri · Portal for ArcGIS

Pedro Pinho · Published 2024-04-04 · Updated 2025-01-08 · CVE-2024-25697

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Portal for ArcGIS versions <=11.1

Description: A cross-site scripting (XSS) vulnerability may allow a remote, authenticated attacker to create a crafted link. When an authenticated user opens their bio page, an image is rendered in the victim's browser. The privileges required to execute this attack are low.

Recommendations: For Portal for ArcGIS versions <=11.1, update to a version greater than 11.1 to resolve the issue. As a temporary workaround, consider restricting access to bio pages for authenticated users until a patch is available.

Fix · XSS

Weakness Enumeration

Related Identifiers: CVE-2024-25697

Affected Products: Portal for ArcGIS