Primary

Context

Esri Portal for ArcGIS Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Esri Portal for ArcGIS versions 11.4 and earlier. This vulnerability allows a remote authenticated attacker with administrative privileges to inject a crafted string that executes arbitrary JavaScript in the victim's browser.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute malicious scripts in the context of the user's browser session.

Remediation

Esri has released a security patch for Portal for ArcGIS in 2025 Update 3. This patch addresses this vulnerability and should be applied as soon as possible. Instructions for downloading the patch are available on the Esri Support website.

Added: Sep 29, 2025, 7:20 PM

Updated: Sep 29, 2025, 7:38 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.0

exploitability

4.5

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.0

exploitability

4.5

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Esri Portal for ArcGIS Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Esri Portal for ArcGIS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating