Vulnerabilities > Esri > Portal FOR Arcgis > 11.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-04 | CVE-2024-25696 | Unspecified vulnerability in Esri Portal for Arcgis There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. | 4.8 |
| 2024-04-04 | CVE-2024-25697 | Unspecified vulnerability in Esri Portal for Arcgis There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser. | 5.4 |
| 2024-04-04 | CVE-2024-25698 | Unspecified vulnerability in Esri Portal for Arcgis There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 6.1 |
| 2024-04-04 | CVE-2024-25699 | Unspecified vulnerability in Esri Arcgis Enterprise and Portal for Arcgis There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes which, under unique circumstances, could potentially allow a remote, unauthenticated attacker to compromise the confidentiality, integrity, and availability of the software. | 8.1 |
| 2024-04-04 | CVE-2024-25705 | Unspecified vulnerability in Esri Portal for Arcgis There is a cross site scripting vulnerability in the Esri Portal for ArcGIS Experience Builder 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 6.1 |
| 2024-04-04 | CVE-2024-25706 | Cross-site Scripting vulnerability in Esri Portal for Arcgis There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. | 6.1 |
| 2024-04-04 | CVE-2024-25709 | Unspecified vulnerability in Esri Portal for Arcgis There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim’s browser. | 4.8 |
| 2023-07-21 | CVE-2023-25835 | Unspecified vulnerability in Esri Portal for Arcgis There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. | 4.8 |
| 2022-12-29 | CVE-2022-38208 | Unspecified vulnerability in Esri Portal for Arcgis There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | 6.1 |