Portal For Arcgis Enterprise Sites
Approved changes feed: RSS · Atom
cpe:2.3:a:esri:portal_for_arcgis_enterprise_sites:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Esri (7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82) |
|---|---|
| Product | Portal For Arcgis Enterprise Sites (813116d8-85ed-5b71-aa1b-0447984292d2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-55107 |
vulnerable | 2026-06-03 15:04:57.668754 |
BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.
MEDIUM (4.8)
There is a stored
Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites
versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to
inject malicious a file with an embedded xss script which when loaded could
potentially execute arbitrary JavaScript code in the victim’s browser. The
privileges required to execute this attack are high. The attack could
disclose a privileged token which may result in the attacker gaining full
control of the Portal.
Published: 2025-08-21T19:29:59.526Z
Updated: 2025-09-18T21:30:04.719Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55106 |
vulnerable | 2026-06-03 15:04:57.668332 |
BUG-000173171 ArcGIS Enterprise Sites has a Cross-site Scripting vulnerability.
MEDIUM (4.8)
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
Published: 2025-08-21T19:29:37.478Z
Updated: 2025-08-21T20:06:32.095Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55104 |
vulnerable | 2026-06-03 15:04:57.663591 |
BUG-000173918 - ArcGIS Enterprise Sites has a security vulnerability.
MEDIUM (4.8)
A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute in the victim's browser.
Published: 2025-08-21T19:28:43.077Z
Updated: 2025-08-21T20:04:38.047Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-55103 |
vulnerable | 2026-06-03 15:04:57.657665 |
BUG-000177333 - ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.
MEDIUM (4.8)
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
Published: 2025-08-21T19:25:13.460Z
Updated: 2025-09-09T16:54:02.458Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.