Vulnerabilities > CVE-2024-25705 - Unspecified vulnerability in Esri Portal for Arcgis
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are low.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 | |
| OS | 1 | |
| OS | 1 |