Unrated severityNVD Advisory· Published Sep 29, 2025· Updated Sep 29, 2025
BUG-000161627 - Reflected XSS vulnerability in Portal for ArcGIS. (11.3, 11.1, 10.9.1)
CVE-2025-57874
Description
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
Affected products
2<=11.4+ 1 more
- (no CPE)range: <=11.4
- (no CPE)range: 10.9.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.