NotCVE - vendor:"Esri" product:"Portal For ArcGIS"

Page 2 of 51 results (0.003 seconds)

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-25699 – Portal for ArcGIS has an invalid authentication vulnerability

https://notcve.org/view.php?id=CVE-2024-25699

04 Apr 2024 — There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 10.8.1 through 11.2 on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes which, under unique circumstances, could potentially allow a remote, unauthenticated attacker to compromise the confidentiality, integrity, and availability of the software. Existe un problema de autenticación incorrecta difícil de explotar en la aplicación Inicio de Esri Portal for ArcGIS versio... • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1 • CWE-287: Improper Authentication •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-25705 – Cross site scripting issue in embed widget

https://notcve.org/view.php?id=CVE-2024-25705

04 Apr 2024 — This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time. There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are low. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/the-portal-for-arcgis-security-2024-update-2-is-available-install-these-patches-at-your-earliest-opportunity-to-address-these-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-25706 – HTMLi at createFolder Content Injection

https://notcve.org/view.php?id=CVE-2024-25706

04 Apr 2024 — This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time. There is an HTML injection vulnerability in Esri Portal for ArcGIS <=11.0 that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks. • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.9EPSS: 0%CPEs: 5EXPL: 0

CVE-2024-25709 – Self-XSS style in move item dialog

https://notcve.org/view.php?id=CVE-2024-25709

04 Apr 2024 — This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time. There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 10.8.1 – 1121 that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are h... • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-25698 – Reflected XSS in Portal for ArcGIS

https://notcve.org/view.php?id=CVE-2024-25698

04 Apr 2024 — There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Hay una vulnerabilidad de Cross-Site Scripting reflejada en la aplicación doméstica en Esri Portal para ArcGIS 11.1 y versiones anteriores en Windows y Linux que permite a un atacante remoto y no autent... • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.9EPSS: 2%CPEs: 1EXPL: 0

CVE-2024-25693 – Portal for ArcGIS has a directory traversal vulnerability.

https://notcve.org/view.php?id=CVE-2024-25693

04 Apr 2024 — There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory. Hay un path traversal en Esri Portal para versiones de ArcGIS <= 11.2. La explotación exitosa puede permitir que un atacante remoto y autenticado atraviese el sistema de archivos para acceder a archivos o ejecutar código fuera del directorio previsto. • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-25695 – concatenated errors resulting in cross site scripting and frame injection issues.

https://notcve.org/view.php?id=CVE-2024-25695

04 Apr 2024 — There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <= 11.2 that may allow a remote, authenticated attacker to provide input that is not sanitized properly and is rendered in error messages. The are no privileges required to execute this attack. Existe una vulnerabilidad de Cross-Site Scripting en Portal for ArcGIS en versiones <= 11.2 que puede permitir que un atacante remoto y autenticado proporcione entradas que no están desinfectadas adecuadamente y se muestran en mensajes ... • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-25696 – Stored XSS in Portal for ArcGIS

https://notcve.org/view.php?id=CVE-2024-25696

04 Apr 2024 — There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.0 that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to execute this attack are high. Existe una vulnerabilidad de Cross-Site Scripting en Portal for ArcGIS en versiones <= 11.0 que puede permitir que un atacante remoto y autenticado cree un enlace manipulado que, al acceder al editor de páginas... • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-25697 – Stored XSS in Portal for ArcGIS

https://notcve.org/view.php?id=CVE-2024-25697

04 Apr 2024 — There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.1 that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser. The privileges required to execute this attack are low. Existe una vulnerabilidad de Cross-Site Scripting en Portal for ArcGIS en versiones <= 11.1 que puede permitir que un atacante remoto y autenticado cree un enlace manipulado que, al abrir la página ... • https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-25837 – BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.

https://notcve.org/view.php?id=CVE-2023-25837

21 Jul 2023 — There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High. There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that... • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4 5