CVE-2022-38189
There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.
Severity Score
5.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
Una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenado en Esri Portal para ArcGIS puede permitir a un atacante remoto y autenticado pasar y almacenar cadenas maliciosas por medio de consultas diseñadas que, cuando es accedida a ellas, podrían ejecutar código JavaScript arbitrario en el navegador del usuario.
*Credits:
Gustavo Silva
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-12 CVE Reserved
- 2022-08-16 CVE Published
- 2024-02-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Esri Search vendor "Esri" | Portal For Arcgis Search vendor "Esri" for product "Portal For Arcgis" | - | - |
Affected
|