CVE-2023-25837

Опубликовано: 21 июл. 2023

Источник: nvd

CVSS3: 8.4

CVSS3: 4.8

EPSS Низкий

Описание

There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high.

The impact to Confidentiality, Integrity and Availability are High.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*

Версия от 10.8.1 (включая) до 10.9 (включая)

EPSS

Процентиль: 34%

0.00135

Низкий

8.4 High

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-7rhj-qr35-3pvg

CVSS3: 6.8

github

больше 2 лет назад

There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high.

EPSS

Процентиль: 34%

0.00135

Низкий

8.4 High

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79