Volerion logoVolerion
Volerion logoVolerion

Esri Portal for ArcGIS Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Esri Portal for ArcGIS versions 11.4 and earlier. This vulnerability allows a remote authenticated attacker with administrative privileges to inject a crafted string that executes arbitrary JavaScript in the victim's browser.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute malicious scripts in the context of the user's browser session.

Remediation

Esri has released a security patch for Portal for ArcGIS 2025 Update 3, which addresses this vulnerability. Instructions for applying the patch are available on the Esri Support website.

Added: Sep 29, 2025, 7:19 PM
Updated: Sep 29, 2025, 7:37 PM

Vulnerability Rating

Custom Algorithm
spread
3.1
impact
1.7
exploitability
4.5
remediation
7.7
relevance
0.6
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.