Unrated severityNVD Advisory· Published Apr 4, 2024· Updated Apr 10, 2025
Persistent XSS when creating new application using Web App Builder
CVE-2024-25708
Description
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.
Affected products
2- Range: <=10.9.1
- Esri/ArcGIS Enterprise Web App Builderv5Range: All
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.