Описание
There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks.
Уязвимые конфигурации
Конфигурация 1Версия до 11.0 (включая)
cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00419
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-94
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
почти 2 года назад
There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks.
EPSS
Процентиль: 61%
0.00419
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-94
CWE-79