CVE-2024-8149

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 11.1 and 11.2

Description The issue is related to a reflected XSS vulnerability, which may allow a remote, unauthenticated attacker to create a crafted link that, when clicked, could potentially execute arbitrary JavaScript code in the victim's browser. This vulnerability is associated with the failure to protect the web page structure, potentially enabling cross-site scripting attacks through a specially crafted web page.

Recommendations For Esri Portal for ArcGIS versions 11.1 and 11.2, consider disabling any features that may be exploited through cross-site scripting until a patch is available. Restrict access to potentially vulnerable modules or functions to minimize the risk of exploitation. Avoid using links or clicking on untrusted sources to prevent potential execution of arbitrary JavaScript code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.