Описание
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).
Ссылки
- Release Notes
- PatchVendor Advisory
- Release Notes
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 11.0 (включая)
cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00318
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-80
CWE-79
Связанные уязвимости
CVSS3: 4.1
github
больше 2 лет назад
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).
EPSS
Процентиль: 54%
0.00318
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-80
CWE-79