VYPR
Unrated severityNVD Advisory· Published Apr 4, 2024· Updated Apr 10, 2025

Persistent XSS when creating new application using Web App Builder

CVE-2024-25708

Description

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.