PT-2025-34280 · Esri · Arcgis Hub+1
Published
2025-08-21
·
Updated
2025-09-05
·
CVE-2025-55104
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
ArcGIS HUB and ArcGIS Enterprise Sites versions prior to 11.4
Description:
A stored cross-site scripting (XSS) vulnerability exists that allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered, attacker-supplied JavaScript may execute in the victim's browser.
Recommendations:
Update ArcGIS HUB and ArcGIS Enterprise Sites to version 11.4 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Esri Arcgis Enterprise Sites
Arcgis Hub