CVE-2025-57877

Опубликовано: 29 сент. 2025

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.

Ссылки

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2025-update-3-patch
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:esri:portal_for_arcgis:10.9.1:-:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:10.9.1:security_2025_update1:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:10.9.1:security_2025_update2:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.0:*:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.1:-:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.1:security_2024_update1:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.1:security_2024_update2:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.1:security_2025_update1:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.1:security_2025_update2:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.2:-:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.2:security_2024_update1:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.2:security_2024_update2:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.2:security_2025_update1:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.2:security_2025_update2:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.3:-:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.3:security_2025_update1:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.3:security_2025_update2:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.4:-:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.4:security_2025_update1:*:*:*:*:*:*

cpe:2.3:a:esri:portal_for_arcgis:11.4:security_2025_update2:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00045

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-hwfv-25jm-mmw6