← Zuruck zu CVEs
CVE-2023-25837
HIGH8.4
Beschreibung
There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser. Exploitation requires high‑privileged authenticated access. Successful exploitation may allow the attacker to access sensitive session data, manipulate trusted content, and disrupt normal application functionality, resulting in a high impact to confidentiality, integrity, and availability.
CVE Details
CVSS v3.1 Bewertung8.4
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionREQUIRED
Veroffentlicht7/21/2023
Zuletzt geandert2/13/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
esri:portal_for_arcgis
Schwachen (CWE)
CWE-79
Referenzen
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/(psirt@esri.com)
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.