Описание
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
Уязвимые конфигурации
Конфигурация 1Версия до 11.1 (включая)
Одновременно
cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.0024
Низкий
4.7 Medium
CVSS3
Дефекты
CWE-80
CWE-79
Связанные уязвимости
CVSS3: 4.7
github
почти 2 года назад
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
EPSS
Процентиль: 47%
0.0024
Низкий
4.7 Medium
CVSS3
Дефекты
CWE-80
CWE-79