Esri Portal for ArcGIS
Moderate fix1 remedy
cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*
Moderate fix1 remedy
- <= 11.4
Esri Portal for ArcGIS Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting vulnerability has been identified in Esri Portal for ArcGIS versions 11.4 and earlier. This vulnerability allows a remote authenticated attacker with administrative privileges to inject a crafted string that executes arbitrary JavaScript in the victim's browser.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute malicious scripts in the context of the user's browser session.
Remediation
Esri has released a security patch for Portal for ArcGIS in 2025 Update 3. This patch addresses this vulnerability and is available through the Esri Support website. Users should also implement the 2025 Top 3 New Critical Security Recommendations.
Added: Sep 29, 2025, 7:22 PM
Updated: Sep 29, 2025, 7:40 PM
Vulnerability Rating
Custom Algorithm
spread
3.1impact
1.0exploitability
4.5remediation
7.7relevance
0.6threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.