Esri Portal For Arcgis 10.8.1
Approved changes feed: RSS · Atom
cpe:2.3:a:esri:portal_for_arcgis:10.8.1:*:*:*:*:*:*:*
part: a version: 10.8.1 update: *
| Vendor | Esri (7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82) |
|---|---|
| Product | Portal For Arcgis (4a9585b9-e85b-56ed-a5e6-c7c2789574cc) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-8148 |
vulnerable | 2026-06-03 14:58:17.228355 |
BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. (11.2, 11.1, 10.9.1. and 10.8.1)
MEDIUM (6.1)
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Published: 2024-10-04T17:11:43.279Z
Updated: 2025-04-10T19:11:58.566Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38040 |
vulnerable | 2026-06-03 14:56:07.900197 |
BUG-000167984 - Portal for ArcGIS has a Local file inclusion (LFI) vulnerability
HIGH (7.5)
There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files.
Published: 2024-10-04T18:04:01.657Z
Updated: 2025-04-10T18:52:18.843Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38038 |
vulnerable | 2026-06-03 14:56:07.899188 |
BUG-000165732 - Reflected XSS in Portal for ArcGIS
MEDIUM (6.1)
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2024-10-04T17:19:24.306Z
Updated: 2025-04-10T19:19:18.927Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38036 |
vulnerable | 2026-06-03 14:56:07.895434 |
BUG-000154827 - Reflected XSS in ArcGIS Experience Builder
MEDIUM (5.4)
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2024-10-04T17:16:24.601Z
Updated: 2025-04-10T19:13:35.971Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25709 |
vulnerable | 2026-06-03 14:55:14.007457 |
Self-XSS style in move item dialog
MEDIUM (6.1)
There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScript code in a victim’s browser. Exploitation does not require any privileges and can be performed by an anonymous user.
Published: 2024-04-04T17:55:17.893Z
Updated: 2026-02-06T06:10:48.587Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25698 |
vulnerable | 2026-06-03 14:55:13.991364 |
Reflected XSS in Portal for ArcGIS
MEDIUM (6.1)
There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2024-04-04T17:54:47.747Z
Updated: 2025-04-10T19:06:55.698Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25691 |
vulnerable | 2026-06-03 14:55:13.981107 |
BUG-000165286 - Reflected XSS in Portal for ArcGIS
MEDIUM (6.1)
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2024-10-04T17:18:52.963Z
Updated: 2025-04-10T19:18:32.234Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25831 |
vulnerable | 2026-06-03 14:49:34.218556 |
BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS.
MEDIUM (6.1)
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2023-05-09T20:45:19.896Z
Updated: 2025-04-10T18:39:33.871Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25830 |
vulnerable | 2026-06-03 14:49:34.218015 |
BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS
MEDIUM (6.1)
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2023-05-09T16:31:21.361Z
Updated: 2025-04-10T18:36:19.457Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-38207 |
vulnerable | 2026-06-03 14:47:49.453437 |
Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)
MEDIUM (6.1)
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser.
Published: 2022-12-30T05:13:00.217Z
Updated: 2025-04-10T14:54:02.665Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-38204 |
vulnerable | 2026-06-03 14:47:49.452252 |
Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)
MEDIUM (6.1)
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2022-12-30T05:13:00.217Z
Updated: 2025-04-10T14:54:47.617Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-38194 |
vulnerable | 2026-06-03 14:47:49.439055 |
Portal for ArcGIS system properties are not properly encrypted (10.8.1 only)
MEDIUM (6.7)
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.
Published: 2022-08-16T17:00:17.513Z
Updated: 2025-04-10T14:57:25.465Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.