CVE-2023-25837

CVSS V2 None CVSS V3 None

Description

There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.

Overview

CVE ID
CVE-2023-25837

Assigner
Esri

Vulnerability Status
PUBLISHED

Published Version
2023-07-21T03:42:24.610Z

Last Modified Date
2024-01-29T21:26:29.386Z

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

References

Reference URL	Reference Tags
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-25837
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25837

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 17:40:02				Added to TrackCVE