CVE-2024-25704

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

25 Apr 2024, 19:15

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 | |
| References | {'url': 'https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2/', 'source': 'psirt@esri.com'} | |
| CVSS | v2 : unknown; v3 : 4.8 | v2 : unknown; v3 : unknown |
| Summary | (es) A stored Cross-Site Scripting vulnerability exists in Esri Portal for ArcGIS Enterprise Experience Builder versions <= 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which, when loaded, could execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high. | |
| Summary | (en) There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions <= 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. | (en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time. |

04 Apr 2024, 19:24

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-04-04 18:15

Updated : 2024-04-25 19:15


NVD link : CVE-2024-25704

Mitre link : CVE-2024-25704

CVE.ORG link : CVE-2024-25704

Products Affected

No product.

CWE

No CWE.