Unrated severityNVD Advisory· Published Apr 4, 2024· Updated Feb 6, 2026
Self-XSS style in move item dialog
CVE-2024-25709
Description
There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScript code in a victim’s browser. Exploitation does not require any privileges and can be performed by an anonymous user.
Affected products
2<=11.2+ 1 more
- (no CPE)range: <=11.2
- (no CPE)range: All
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.