CVE-2024-25708
Persistent XSS when creating new application using Web App Builder
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected products
Esri · ArcGIS Enterprise Web App BuilderWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →