PT-2025-34281 · Esri · Esri Portal for ArcGIS Enterprise Sites

Published: 2025-08-21 · Updated: 2025-09-05 · CVE-2025-55105

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4
Description: A stored Cross-site Scripting issue exists that may allow a remote, authenticated attacker to inject a malicious file containing an XSS script. When loaded, this script could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high, and it could lead to the disclosure of a privileged token, potentially granting the attacker full control of the Portal.
Recommendations: For Esri Portal for ArcGIS Enterprise Sites versions 10.9.1, 10.9.2, 10.9.3, 10.9.4, 10.9.5, 10.9.6, 10.9.7, 10.9.8, 10.9.9, 11.0, 11.1, 11.2, 11.3 and 11.4, apply a fix or upgrade to a newer, unaffected version.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-55105

Affected Products

Esri Portal for ArcGIS Enterprise Sites