Vulnerabilities in Esri
150 resultsCVE-2023-25831MEDIUMBUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS.EPSS 0.5%CVE-2022-38198MEDIUMBUG-000146513 - Reflected XSS vulnerability in ArcGIS ServerEPSS 0.5%CVE-2023-25841MEDIUMBUG-000158075 Stored XSS issue in ArcGIS ServerEPSS 0.5%CVE-2022-38197MEDIUMBUG-000148347 Unvalidated redirect issues in ArcGIS Server.EPSS 0.5%CVE-2022-38189MEDIUMThere is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.EPSS 0.5%CVE-2023-25830MEDIUMBUG-000154662 Reflected XSS vulnerability in Portal for ArcGISEPSS 0.5%CVE-2023-25838HIGHBUG-000157278 – ArcGIS Insights has a security vulnerability.EPSS 0.5%CVE-2022-38206MEDIUMReflected XSS vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only)EPSS 0.5%CVE-2022-38204MEDIUMReflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)EPSS 0.5%CVE-2025-57870CRITICALBUG-000179884 - There is a security vulnerability in ArcGIS Server Feature Services.EPSS 0.5%CVE-2022-38210MEDIUMHTML injection in accountswitcher-callback.html (10.9.1, 10.8.1 and 10.7.1 only)EPSS 0.5%CVE-2022-38207MEDIUMReflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only)EPSS 0.5%CVE-2022-38209MEDIUMReflected XSS vulnerability in Portal for ArcGISEPSS 0.5%CVE-2022-38188HIGHThere is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user tEPSS 0.5%CVE-2022-38186HIGHThere is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convincEPSS 0.5%CVE-2023-25829MEDIUMBUG-000155001 - Unvalidated redirect in Portal for ArcGIS.EPSS 0.5%CVE-2022-38208MEDIUMUnvalidated redirect in Portal for ArcGISEPSS 0.5%CVE-2022-38201MEDIUMAn unvalidated redirect vulnerability exists in Esri ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1.EPSS 0.5%CVE-2022-38191MEDIUMHTML injection vulnerability in Portal for ArcGISEPSS 0.5%CVE-2022-38192MEDIUMThere is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.EPSS 0.5%