GCVE - cpe:2.3:a:esri:enterprise_web_app_builder:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:esri:enterprise_web_app_builder:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Esri (`7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82`)
Product	Enterprise Web App Builder (`a82d91a3-ba9b-53cf-af74-7a9842e70472`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-25702`	vulnerable	2026-06-03 14:55:14.000046	BUG-000160599 - Stored XSS in Portal for ArcGIS Web App Builder MEDIUM (4.8) There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. Published: 2024-10-04T17:17:12.593Z Updated: 2025-04-10T19:15:30.314Z Open on db.gcve.eu Reference links https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-25694`	vulnerable	2026-06-03 14:55:13.986655	BUG-000163019 - Stored XSS in Portal for ArcGIS MEDIUM (4.8) There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. Published: 2024-10-04T17:17:58.818Z Updated: 2025-04-10T19:17:37.686Z Open on db.gcve.eu Reference links https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.