4.8
CVE-2025-57871 - BUG-000174020 -Β Reflected XSS vulnerability identified in Portal for ArcGIS. (11.3, 11.1, 10.9.1)
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
6.1
CVE-2025-57872 - BUG-000174150 - Unvalidated redirect in Portal for ArcGIS.
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
4.8
CVE-2025-57873 - BUG-000175222 - Reflected XSS vulnerability in Portal for ArcGIS.
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
4.8
CVE-2025-57874 - BUG-000161627 -Β Reflected XSS vulnerability in Portal for ArcGIS.Β (11.3, 11.1, 10.9.1)
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
4.8
CVE-2025-57875 - BUG-000164122 - Reflected XSS vulnerability in Portal for ArcGIS.
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
4.8
CVE-2025-57877 - Reflected XSS vulnerability in Portal for ArcGIS.
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
6.1
CVE-2025-57878 - BUG-000174149 -Β The Portal for ArcGIS has an unvalidated redirect.
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
6.1
CVE-2025-57879 - BUG-000171009 -Β URL manipulation vulnerability in Portal for ArcGIS.
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
4.8
CVE-2025-57876 - Stored XSS vulnerability in Portal for ArcGIS
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victimβs browser. The pβ¦
4.9
CVE-2025-36099 - IBM WebSphere Application Server denial of service
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit this vulnerability to cause the server to consume memory resources.