VYPR
Unrated severityNVD Advisory· Published Apr 4, 2024· Updated Apr 10, 2025

HTMLi at createFolder Content Injection

CVE-2024-25706

Description

There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.