Stored Cross Site Scripting (XSS) Vulnerability in Esri Portal for ArcGIS

Stored Cross Site Scripting (XSS) Vulnerability in Esri Portal for ArcGIS

CVE-2022-38189 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.

Learn more about our User Device Pen Test.