CVE-2024-25703

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

25 Apr 2024, 19:15

Type	Values Removed	Values Added
Summary	(es) Hay una vulnerabilidad de Cross-Site Scripting reflejada en la aplicación doméstica en Esri Portal para ArcGIS 11.1 y versiones anteriores en Windows y Linux que permite a un atacante remoto y no autenticado crear un enlace manipulado que, al hacer clic, podría ejecutar código JavaScript arbitrario en el navegador de la víctima.
Summary	(en) There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.	(en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.
CWE	~~CWE-79~~
References	~~{'url': 'https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2/', 'source': 'psirt@esri.com'}~~
CVSS	v2 : ~~unknown~~ v3 : ~~6.1~~	v2 : unknown v3 : unknown

04 Apr 2024, 19:24

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-04 18:15

Updated : 2024-04-25 19:15

NVD link : CVE-2024-25703

Mitre link : CVE-2024-25703

CVE.ORG link : CVE-2024-25703

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-25703

Attach tags to `CVE-2024-25703`