PT-2024-21099 · Esri · Arcgis Enterprise Builder

Published: 2024-04-04 · Updated: 2025-04-11 · CVE-2024-25700

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below
Description: The issue is a stored Cross-site Scripting vulnerability that may allow a remote, authenticated attacker to create a crafted link stored in a web map link. When clicked, this link could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.
Recommendations: For Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below, update to a version above 11.1 to resolve the issue. As a temporary workaround, consider restricting access to web map links to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-25700

Affected Products: Arcgis Enterprise Builder