Unrated severityNVD Advisory· Published Apr 4, 2024· Updated Apr 10, 2025
HTMLi at createFolder Content Injection
CVE-2024-25706
Description
There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks.
Affected products
2<=11.0+ 1 more
- (no CPE)range: <=11.0
- (no CPE)range: All
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.