There is a stored
Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites
versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to
inject malicious a file with an embedded xss script which when loaded could
potentially execute arbitrary JavaScript code in the victim’s browser. The
privileges required to execute this attack are high. The attack could
disclose a privileged token which may result in the attacker gaining full
control of the Portal.
References
Configurations
No configuration.
History
22 Aug 2025, 18:08
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Aug 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-08-21 20:15
Updated : 2025-08-22 18:08
NVD link : CVE-2025-55107
Mitre link : CVE-2025-55107
CVE.ORG link : CVE-2025-55107
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')