CVE-2024-25709

Опубликовано: 04 апр. 2024

Источник: nvd

CVSS3: 6.1

CVSS3: 4.8

EPSS Низкий

Описание

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.

Ссылки

https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1/
Not Applicable

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:esri:portal_for_arcgis:10.8.1:*:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:10.9.1:*:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.0:*:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.1:*:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.2:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00058

Низкий

6.1 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-8fvm-73q4-3j6f

CVSS3: 6.1

github

почти 2 года назад

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 10.8.1 – 1121 that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.

EPSS

Процентиль: 18%

0.00058

Низкий

6.1 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79