CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25831 – BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS.
https://notcve.org/view.php?id=CVE-2023-25831
09 May 2023 — There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in ... • https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25830 – BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS
https://notcve.org/view.php?id=CVE-2023-25830
09 May 2023 — There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in... • https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38204 – Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)
https://notcve.org/view.php?id=CVE-2022-38204
29 Dec 2022 — There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Hay una vulnerabilidad XSS reflejada en Esri Portal for ArcGIS versiones 10.8.1 y 10.7.1 que puede permitir que un atacante remoto no autenticado cree un enlace manipulado que, al hacer clic, podría ejecutar código JavaScript arbitrario en el naveg... • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38207 – Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)
https://notcve.org/view.php?id=CVE-2022-38207
29 Dec 2022 — There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser. Hay una vulnerabilidad XSS reflejada en Esri Portal for ArcGIS versiones 10.8.1 y 10.7.1 que puede permitir que un atacante remoto no autenticado cree un enlace manipulado que, al hacer clic, podría ejecutar código JavaScript arbitrario en el nave... • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38194 – Portal for ArcGIS system properties are not properly encrypted (10.8.1 only)
https://notcve.org/view.php?id=CVE-2022-38194
16 Aug 2022 — In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file. En Esri Portal para ArcGIS versiones 10.8.1, una propiedad del sistema no está correctamente cifrada. Esto puede conllevar a que un usuario local lea información sensible de un archivo de propiedades. • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2022-update-1-patch • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8267
https://notcve.org/view.php?id=CVE-2014-8267
01 Feb 2015 — Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter. Vulnerabilidad de XSS en QPR Portal 2014.1.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro RID. • http://www.kb.cert.org/vuls/id/546340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8268
https://notcve.org/view.php?id=CVE-2014-8268
01 Feb 2015 — QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request. QPR Portal anterior a 2012.2.1 permite a atacantes remotos modificar o eliminar notas a través de una solicitud directa. • http://www.kb.cert.org/vuls/id/546340 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8266
https://notcve.org/view.php?id=CVE-2014-8266
01 Feb 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field. Múltiples vulnerabilidades de XSS en la página de la creación de notas en QPR Portal 2014.1.1 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del campo (1) title o (2) body. • http://www.kb.cert.org/vuls/id/546340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •