CVE-2024-25709

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 10.8.1 through 10.8.1 – 1121

Description The issue is a stored Cross-site Scripting vulnerability that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, potentially executing arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.

Recommendations For Esri Portal for ArcGIS versions 10.8.1 through 10.8.1 – 1121, at the moment, there is no information about a newer version that contains a fix for this vulnerability.