Unrated severityNVD Advisory· Published Apr 4, 2024· Updated Feb 6, 2026
Cross site scripting issue in embed widget
CVE-2024-25705
Description
There is a cross‑site scripting (XSS) vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser. Exploitation requires basic authenticated access but does not require elevated or administrative privileges, indicating low privileges are required.
Affected products
2- Range: <=11.1
- Range: all
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.