PT-2025-39863 · Esri · Esri Portal for ArcGIS
Published: 2025-09-29 · Updated: 2025-10-17 · CVE-2025-57876
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Esri Portal for ArcGIS versions 11.4 and below
Description
A stored Cross-site Scripting issue exists in Esri Portal for ArcGIS. A remote, authenticated attacker can inject a malicious file containing an XSS script. When loaded, this script could execute arbitrary JavaScript code in the victim’s browser. The attacker requires high privileges to execute this attack. Successful exploitation could lead to the disclosure of a privileged token, potentially granting the attacker full control of the Portal.
Recommendations
Update Esri Portal for ArcGIS to a version higher than 11.4.
Fix
XSS
Affected Products
Esri Portal for ArcGIS