CVE-2024-25708
04.04.2024, 18:15
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are high.
| Vendor | Product | Version |
|---|---|---|
| esri | arcgis_enterprise | 10.8.1 |
| esri | arcgis_enterprise | 10.9.1 |
𝑥
= Vulnerable software versions