VYPR

Portal for ArcGIS

by Esri

CVEs (67)

  • CVE-2022-38186 | Med | Aug 15, 2022
    risk 0.40 | cvss 6.1 | epss 0.00

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.

  • CVE-2021-29109 | Med | Oct 1, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.

  • CVE-2024-38039 | Med | Oct 4, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data…

  • CVE-2024-38036 | Med | Oct 4, 2024
    risk 0.35 | cvss 5.4 | epss 0.01

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

  • CVE-2024-25705 | Med | Apr 4, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    There is a cross‑site scripting (XSS) vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could…

  • CVE-2024-25697 | Med | Apr 4, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated user’s bio page will render an image in the victim’s browser. The…

  • CVE-2024-25692 | Med | Apr 4, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    There is a cross-site request forgery vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and…

  • CVE-2023-25836 | Med | Jul 21, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The…

  • CVE-2023-25833 | Med | May 10, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data…

  • CVE-2023-25834 | Med | May 9, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.

  • CVE-2022-38189 | Med | Aug 16, 2022
    risk 0.35 | cvss 5.4 | epss 0.01

    A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.

  • CVE-2021-29110 | Med | Oct 1, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application.

  • CVE-2024-25707 | Med | Oct 4, 2024
    risk 0.31 | cvss 4.8 | epss 0.00

    There is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 that allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own…

  • CVE-2024-25701 | Med | Oct 4, 2024
    risk 0.31 | cvss 4.8 | epss 0.00

    There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which when loaded…

  • CVE-2024-25696 | Med | Apr 4, 2024
    risk 0.31 | cvss 4.8 | epss 0.00

    There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to…

  • CVE-2024-25690 | Med | Apr 4, 2024
    risk 0.31 | cvss 4.7 | epss 0.00

    There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.

  • CVE-2024-8149 | Med | Oct 4, 2024
    risk 0.30 | cvss 4.6 | epss 0.00

    There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary…

  • CVE-2025-57871 | Sep 29, 2025
    risk 0.00 | cvss | epss 0.00

    There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.

  • CVE-2025-57872 | Sep 29, 2025
    risk 0.00 | cvss | epss 0.00

    There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

  • CVE-2025-57873 | Sep 29, 2025
    risk 0.00 | cvss | epss 0.00

    There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.