Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Portal for ArcGIS Sites

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2023-25837
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-8.4||HIGH
EPSS-0.16% / 37.47%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 03:42
Updated-10 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.

There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser.  The privileges required to execute this attack are high.    The impact to Confidentiality, Integrity and Availability are High.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisPortal for ArcGIS Sites
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-25836
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.74%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 03:41
Updated-10 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BUG-000135364 XSS in 10.8.1 sites builder iframe source

There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser.  The privileges required to execute this attack are low.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisPortal for ArcGIS Sites
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-25835
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-8.4||HIGH
EPSS-0.13% / 33.85%
||
7 Day CHG~0.00%
Published-20 Jul, 2023 | 23:30
Updated-10 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BUG-000153659 ArcGIS Enterprise Sites has a stored XSS vulnerability

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser.  The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.

Action-Not Available
Vendor-Environmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgisPortal for ArcGIS Sites
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')