Описание
There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are low.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 10.8.1 (включая) до 10.9 (включая)
cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.0023
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 2 лет назад
There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are low.
EPSS
Процентиль: 46%
0.0023
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79