Stored Cross Site Scripting (XSS) Vulnerability in Esri Portal for ArcGIS Configurable Apps

Stored Cross Site Scripting (XSS) Vulnerability in Esri Portal for ArcGIS Configurable Apps

CVE-2022-38190 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser

Learn more about our User Device Pen Test.