Page 5 of 39 results (0.013 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser. Hay una vulnerabilidad XSS reflejada en Esri Portal for ArcGIS versiones 10.9.1 y anteriores que puede permitir que un atacante remoto no autenticado cree un enlace manipulado que, al hacer clic en él, podría ejecutar código JavaScript arbitrario en el navegador de la víctima. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. Existe una vulnerabilidad de redireccionamiento no validada en Esri Portal para ArcGIS 11 y versiones anteriores que puede permitir que un atacante remoto no autenticado cree una URL que podría redirigir a una víctima a un sitio web arbitrario, simplificando los ataques de phishing. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser. Hay una vulnerabilidad XSS reflejada en Esri Portal for ArcGIS versiones 10.8.1 y 10.7.1 que puede permitir que un atacante remoto no autenticado cree un enlace manipulado que, al hacer clic, podría ejecutar código JavaScript arbitrario en el navegador de la víctima. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser. Hay una vulnerabilidad XSS reflejada en Esri Portal for ArcGIS versiones 10.9.1 e inferiores que puede permitir que un atacante remoto no autenticado cree un enlace manipulado que, al hacer clic, podría ejecutar código JavaScript arbitrario en el navegador de la víctima. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). En algunas instalaciones no predeterminadas de Esri Portal for ArcGIS versiones 10.9.1 y anteriores, un problema de directory traversal puede permitir que un atacante remoto no autenticado atraviese el sistema de archivos y provoque la divulgación de datos confidenciales (no contenido publicado por el cliente). • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •