Esri Portal For Arcgis 10.9.1
Approved changes feed: RSS · Atom
cpe:2.3:a:esri:portal_for_arcgis:10.9.1:*:*:*:*:*:*:*
part: a version: 10.9.1 update: *
| Vendor | Esri (7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82) |
|---|---|
| Product | Portal For Arcgis (4a9585b9-e85b-56ed-a5e6-c7c2789574cc) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-55103 |
vulnerable | 2026-06-03 15:04:57.658595 |
BUG-000177333 - ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.
MEDIUM (4.8)
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
Published: 2025-08-21T19:25:13.460Z
Updated: 2025-09-09T16:54:02.458Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8148 |
vulnerable | 2026-06-03 14:58:17.229461 |
BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. (11.2, 11.1, 10.9.1. and 10.8.1)
MEDIUM (6.1)
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Published: 2024-10-04T17:11:43.279Z
Updated: 2025-04-10T19:11:58.566Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38040 |
vulnerable | 2026-06-03 14:56:07.900229 |
BUG-000167984 - Portal for ArcGIS has a Local file inclusion (LFI) vulnerability
HIGH (7.5)
There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files.
Published: 2024-10-04T18:04:01.657Z
Updated: 2025-04-10T18:52:18.843Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38038 |
vulnerable | 2026-06-03 14:56:07.899211 |
BUG-000165732 - Reflected XSS in Portal for ArcGIS
MEDIUM (6.1)
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2024-10-04T17:19:24.306Z
Updated: 2025-04-10T19:19:18.927Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38037 |
vulnerable | 2026-06-03 14:56:07.897593 |
BUG-000167983 - Unvalidated redirect in Portal for ArcGIS
MEDIUM (6.1)
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Published: 2024-10-04T17:10:27.638Z
Updated: 2025-04-10T19:11:16.353Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38036 |
vulnerable | 2026-06-03 14:56:07.896072 |
BUG-000154827 - Reflected XSS in ArcGIS Experience Builder
MEDIUM (5.4)
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2024-10-04T17:16:24.601Z
Updated: 2025-04-10T19:13:35.971Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25709 |
vulnerable | 2026-06-03 14:55:14.007482 |
Self-XSS style in move item dialog
MEDIUM (6.1)
There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScript code in a victim’s browser. Exploitation does not require any privileges and can be performed by an anonymous user.
Published: 2024-04-04T17:55:17.893Z
Updated: 2026-02-06T06:10:48.587Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25698 |
vulnerable | 2026-06-03 14:55:13.991498 |
Reflected XSS in Portal for ArcGIS
MEDIUM (6.1)
There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2024-04-04T17:54:47.747Z
Updated: 2025-04-10T19:06:55.698Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-25691 |
vulnerable | 2026-06-03 14:55:13.981851 |
BUG-000165286 - Reflected XSS in Portal for ArcGIS
MEDIUM (6.1)
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2024-10-04T17:18:52.963Z
Updated: 2025-04-10T19:18:32.234Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25831 |
vulnerable | 2026-06-03 14:49:34.218575 |
BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS.
MEDIUM (6.1)
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2023-05-09T20:45:19.896Z
Updated: 2025-04-10T18:39:33.871Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25830 |
vulnerable | 2026-06-03 14:49:34.218058 |
BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS
MEDIUM (6.1)
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Published: 2023-05-09T16:31:21.361Z
Updated: 2025-04-10T18:36:19.457Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25829 |
vulnerable | 2026-06-03 14:49:34.215377 |
BUG-000155001 - Unvalidated redirect in Portal for ArcGIS.
MEDIUM (6.1)
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Published: 2023-05-09T16:00:29.494Z
Updated: 2025-04-10T18:30:40.435Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.