CVE-2023-25835

CVSS V2 None CVSS V3 None

Description

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.

Overview

CVE ID
CVE-2023-25835

Assigner
Esri

Vulnerability Status
PUBLISHED

Published Version
2023-07-20T23:30:50.190Z

Last Modified Date
2024-01-29T21:26:06.843Z

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

References

Reference URL	Reference Tags
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-25835
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25835

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 17:52:35				Added to TrackCVE