PT-2025-34279 · Esri · Esri Portal For Arcgis Enterprise Sites
Lucas Machado · Published 2025-08-21 · Updated 2025-09-05 · CVE-2025-55103
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4
Description:
A stored Cross-site Scripting issue exists in Esri Portal for ArcGIS Enterprise Sites that may allow a remote, authenticated attacker to inject a malicious file containing an XSS script. When loaded, this script could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, and it could lead to the disclosure of a privileged token, potentially granting the attacker full control of the Portal.
Recommendations:
Update Esri Portal for ArcGIS Enterprise Sites to a version prior to 10.9.1 or after 11.4.
Fix
XSS
Affected Products
Esri Portal For Arcgis Enterprise Sites