4.8

CVSS3.1

CVE-2024-25700 - Persistent XSS in URL added to a shared map

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary JavaScri…

📅 Published: April 4, 2024, 5:55 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-25698 - Reflected XSS in Portal for ArcGIS

There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’…

📅 Published: April 4, 2024, 5:54 p.m. 🔄 Last Modified: April 10, 2025, 7:06 p.m.

9.9

CVSS3.1

CVE-2024-25693 - Portal for ArcGIS has a directory traversal vulnerability.

There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory. 

📅 Published: April 4, 2024, 5:54 p.m. 🔄 Last Modified: Jan. 8, 2025, 3:09 p.m.

7.2

CVSS3.1

CVE-2024-25695 - concatenated errors resulting in cross site scripting and frame injection issues.

There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.2 and below that may allow a remote, authenticated attacker to provide input that is not sanitized properly and is rendered in error messages. The are no privileges required to execute this attack.

📅 Published: April 4, 2024, 5:54 p.m. 🔄 Last Modified: April 10, 2025, 7:15 p.m.

4.8

CVSS3.1

CVE-2024-25696 - Stored XSS in Portal for ArcGIS

There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to execute this attack a…

📅 Published: April 4, 2024, 5:53 p.m. 🔄 Last Modified: April 10, 2025, 7:15 p.m.

5.4

CVSS3.1

CVE-2024-25697 - Stored XSS in Portal for ArcGIS

There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser.  The privileges required to execute …

📅 Published: April 4, 2024, 5:53 p.m. 🔄 Last Modified: April 10, 2025, 7:15 p.m.

4.7

CVSS3.1

CVE-2024-25690 - HTML injection in ArcGIS Web AppBuilder

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.

📅 Published: April 4, 2024, 5:53 p.m. 🔄 Last Modified: April 10, 2025, 7:03 p.m.

4.8

CVSS3.1

CVE-2024-25708 - Persistent XSS when creating new application using Web App Builder

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser…

📅 Published: April 4, 2024, 5:52 p.m. 🔄 Last Modified: April 10, 2025, 7:15 p.m.

5.4

CVSS3.1

CVE-2024-25692 - BUG-000154722 - Cross-site request forgery (CSRF) issue in Portal for ArcGIS

There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors i…

📅 Published: April 4, 2024, 5:51 p.m. 🔄 Last Modified: April 10, 2025, 7:15 p.m.

8.7

CVSS3.1

CVE-2024-28787 - IBM Security Verify Access information disclosure

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.

📅 Published: April 4, 2024, 5:31 p.m. 🔄 Last Modified: Aug. 14, 2025, 6:54 p.m.
Total resulsts: 349182
Page 10432 of 34,919
« previous page » next page
Filters