Cross-site Scripting Vulnerability in Esri Portal Sites (Versions 10.8.1 – 10.9)

Cross-site Scripting Vulnerability in Esri Portal Sites (Versions 10.8.1 – 10.9)

CVE-2023-25836 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser.  The privileges required to execute this attack are low.

Learn more about our Web Application Penetration Testing UK.