Esri Portal For Arcgis
cpe:2.3:a:esri:portal_for_arcgis:-:*:*:*:*:*:*:*
part: a version: - update: *
| Vendor | Esri (7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82) |
|---|---|
| Product | Portal For Arcgis (4a9585b9-e85b-56ed-a5e6-c7c2789574cc) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-8149 | vulnerable | 2026-06-03 14:58:17.232606 | BUG-000168624 - Unvalidated redirect in Portal for ArcGIS.<br>MEDIUM (4.6)<br>There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser. Exploitation is limited to the same browser execution context and does not result in a change of security scope beyond the affected user session.<br>Published: 2024-10-04T17:14:39.010Z<br>Updated: 2026-02-06T06:15:10.027Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-38039 | vulnerable | 2026-06-03 14:56:07.899677 | BUG-000161683 - HTML injection vulnerability in Portal for ArcGIS.<br>MEDIUM (5.4)<br>There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).<br>Published: 2024-10-04T17:13:13.811Z<br>Updated: 2024-10-08T16:43:18.350Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-38038 | vulnerable | 2026-06-03 14:56:07.899089 | BUG-000165732 - Reflected XSS in Portal for ArcGIS<br>MEDIUM (6.1)<br>There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.<br>Published: 2024-10-04T17:19:24.306Z<br>Updated: 2025-04-10T19:19:18.927Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-38036 | vulnerable | 2026-06-03 14:56:07.893087 | BUG-000154827 - Reflected XSS in ArcGIS Experience Builder<br>MEDIUM (5.4)<br>There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.<br>Published: 2024-10-04T17:16:24.601Z<br>Updated: 2025-04-10T19:13:35.971Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-25707 | vulnerable | 2026-06-03 14:55:14.001387 | BUG-000160241 - Reflected XSS in Portal for ArcGIS<br>MEDIUM (4.8)<br>There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A user cannot be phished into clicking a link to execute code.<br>Published: 2024-10-04T17:16:47.983Z<br>Updated: 2025-04-10T19:14:34.300Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-25701 | vulnerable | 2026-06-03 14:55:13.997807 | BUG-000160765 - Stored XSS in ArcGIS Experience Builder<br>MEDIUM (4.8)<br>There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.<br>Published: 2024-10-04T17:17:34.464Z<br>Updated: 2025-04-10T19:16:16.784Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-25698 | vulnerable | 2026-06-03 14:55:13.993278 | Reflected XSS in Portal for ArcGIS<br>MEDIUM (6.1)<br>There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.<br>Published: 2024-04-04T17:54:47.747Z<br>Updated: 2025-04-10T19:06:55.698Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-25691 | vulnerable | 2026-06-03 14:55:13.979959 | BUG-000165286 - Reflected XSS in Portal for ArcGIS<br>MEDIUM (6.1)<br>There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.<br>Published: 2024-10-04T17:18:52.963Z<br>Updated: 2025-04-10T19:18:32.234Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-38189 | vulnerable | 2026-06-03 14:47:49.435612 | There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.<br>MEDIUM (5.4)<br>A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.<br>Published: 2022-08-16T17:25:13.227Z<br>Updated: 2025-04-10T14:56:40.120Z | Imported from gcve-enriched-dumps CVE data |