Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
esri

Portal for ArcGIS

20 Versions 37 CVEs

Versions

11.1

MAJOR_MINOR 8 CVEs

<=11.0

OTHER 2 CVEs

10.9.1

SEMANTIC 13 CVEs

<=11.1

OTHER 3 CVEs

10.9.0

SEMANTIC 1 CVE

10.9

MAJOR_MINOR 2 CVEs

<=110.

OTHER 1 CVE

not down converted

OTHER 2 CVEs

all

OTHER 9 CVEs

All

OTHER 7 CVEs

<=10.7.1

OTHER 1 CVE

<=11.2

OTHER 1 CVE

<= 11.2

OTHER 1 CVE

10.8.1

SEMANTIC 16 CVEs

11.0

MAJOR_MINOR 3 CVEs

10.7.1 10.8.1

OTHER 1 CVE

11.2

MAJOR_MINOR 4 CVEs

10.7.1

SEMANTIC 1 CVE

>=11.2

OTHER 1 CVE

Portal for ArcGIS 10.7.1 and 10.8.1

RC 1 CVE

Recent CVEs

CVE-2023-25831

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

MEDIUM May 09, 2023

CVE-2022-38189

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.

MEDIUM Aug 16, 2022

CVE-2022-38184

There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.

HIGH Aug 16, 2022

CVE-2022-38192

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.

MEDIUM Aug 16, 2022

CVE-2022-38194

In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.

MEDIUM Aug 16, 2022

CVE-2022-38191

There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application.

MEDIUM Aug 15, 2022

CVE-2022-38187

Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs.

HIGH Aug 15, 2022

CVE-2022-38188

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.

HIGH Aug 15, 2022

CVE-2022-38190

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser

MEDIUM Aug 15, 2022

CVE-2022-38186

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.

HIGH Aug 15, 2022