Portal For Arcgis Sites
Approved changes feed: RSS · Atom
cpe:2.3:a:esri:portal_for_arcgis_sites:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Esri (7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82) |
|---|---|
| Product | Portal For Arcgis Sites (0223484d-0326-50e3-a668-4e5313d9cbbe) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-25837 |
vulnerable | 2026-06-03 14:49:34.223590 |
BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.
HIGH (8.4)
There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser. Exploitation requires high‑privileged authenticated access. Successful exploitation may allow the attacker to access sensitive session data, manipulate trusted content, and disrupt normal application functionality, resulting in a high impact to confidentiality, integrity, and availability.
Published: 2023-07-21T03:42:24.610Z
Updated: 2026-02-06T06:16:41.493Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25836 |
vulnerable | 2026-06-03 14:49:34.223193 |
BUG-000135364 XSS in 10.8.1 sites builder iframe source
MEDIUM (5.4)
There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are low.
Published: 2023-07-21T03:41:09.485Z
Updated: 2025-04-10T18:41:04.338Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25835 |
vulnerable | 2026-06-03 14:49:34.222737 |
BUG-000153659 ArcGIS Enterprise Sites has a stored XSS vulnerability
HIGH (8.4)
There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker with high‑privileged access to create a crafted link that is persisted within the site configuration. When accessed by a victim, the stored payload may execute arbitrary JavaScript code in the victim’s browser. Successful exploitation could allow the attacker to access sensitive user data and session information, alter trusted site content and user actions, and disrupt normal site functionality, resulting in a high impact to confidentiality, integrity, and availability.
Published: 2023-07-20T23:30:50.190Z
Updated: 2026-02-06T06:17:43.231Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.