Unrated severityNVD Advisory· Published Apr 4, 2024· Updated Apr 10, 2025
HTML injection in ArcGIS Web AppBuilder
CVE-2024-25690
Description
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
Affected products
2- Range: <=11.1
- Esri/ArcGIS Enterprise Web App Builderv5Range: all
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.