CVE-2024-25702

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Oct 4, 2024

Updated: Oct 16, 2024

CWE ID 79

Summary

CVE-2024-25702 is a stored Cross-site Scripting (XSS) vulnerability affecting Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 to 11.1. This issue allows a remote, authenticated attacker to craft a malicious link that, when stored in the site configuration, can trigger the execution of arbitrary JavaScript code in the victim's browser upon clicking. The attacker requires high privileges to exploit this vulnerability, potentially resulting in the disclosure of privileged tokens and granting the attacker full control of the Portal.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Portal for ArcGIS
Esri Portal for ArcGIS

Affected Vendors

Esri

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/udtuI0
https://www.cve.org/CVERecord?id=CVE-2024-25702
https://nvd.nist.gov/vuln/detail/CVE-2024-25702

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners