VYPR

Portal For Arcgis

by Esri

CVEs (67)

  • CVE-2024-38038MedOct 4, 2024
    risk 0.40cvss 6.1epss 0.00

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

  • CVE-2024-38037MedOct 4, 2024
    risk 0.40cvss 6.1epss 0.00

    There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

  • CVE-2024-25691MedOct 4, 2024
    risk 0.40cvss 6.1epss 0.00

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

  • CVE-2024-25709MedApr 4, 2024
    risk 0.40cvss 6.1epss 0.00

    There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially…

  • CVE-2024-25706MedApr 4, 2024
    risk 0.40cvss 6.1epss 0.00

    There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This…

  • CVE-2024-25698MedApr 4, 2024
    risk 0.40cvss 6.1epss 0.00

    There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript…

  • CVE-2023-25831MedMay 9, 2023
    risk 0.40cvss 6.1epss 0.01

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

  • CVE-2023-25830MedMay 9, 2023
    risk 0.40cvss 6.1epss 0.01

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

  • CVE-2023-25829MedMay 9, 2023
    risk 0.40cvss 6.1epss 0.00

    There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

  • CVE-2022-38210MedDec 29, 2022
    risk 0.40cvss 6.1epss 0.00

    There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.

  • CVE-2022-38209MedDec 29, 2022
    risk 0.40cvss 6.1epss 0.00

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser.

  • CVE-2022-38208MedDec 29, 2022
    risk 0.40cvss 6.1epss 0.00

    There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

  • CVE-2022-38207MedDec 29, 2022
    risk 0.40cvss 6.1epss 0.00

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser.

  • CVE-2022-38206MedDec 29, 2022
    risk 0.40cvss 6.1epss 0.01

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser.

  • CVE-2022-38204MedDec 29, 2022
    risk 0.40cvss 6.1epss 0.01

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

  • CVE-2022-38193MedAug 16, 2022
    risk 0.40cvss 6.1epss 0.01

    There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution.

  • CVE-2022-38192MedAug 16, 2022
    risk 0.40cvss 6.1epss 0.00

    A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.

  • CVE-2022-38191MedAug 15, 2022
    risk 0.40cvss 6.1epss 0.00

    There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application.

  • CVE-2022-38190MedAug 15, 2022
    risk 0.40cvss 6.1epss 0.01

    A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the…

  • CVE-2022-38188MedAug 15, 2022
    risk 0.40cvss 6.1epss 0.00

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.