CVE-2024-25706
HTMLi at createFolder Content Injection
There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
Esri · Portal for ArcGISQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →