CVE-2024-25700
Persistent XSS in URL added to a shared map
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Esri · ArcGIS Enterprise Builder¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →