CVE-2024-25696

CVE-2024-25696 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions <=11.0 that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to execute this attack are high.

Learn more about our Web Application Penetration Testing UK.