VYPR
Unrated severityNVD Advisory· Published Oct 4, 2024· Updated Apr 10, 2025

BUG-000160241 - Reflected XSS in Portal for ArcGIS

CVE-2024-25707

Description

There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser (Self XSS). A user cannot be phished into clicking a link to execute code.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.