CVE-2023-25837 in Portal Sites
Summary
by MITRE • 07/21/2023
There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser. Exploitation requires high‑privileged authenticated access. Successful exploitation may allow the attacker to access sensitive session data, manipulate trusted content, and disrupt normal application functionality, resulting in a high impact to confidentiality, integrity, and availability.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 02/13/2026
The vulnerability identified as CVE-2023-25837 represents a critical cross-site scripting flaw within Esri ArcGIS Enterprise Sites platform versions 10.9 and earlier. This security weakness resides in the application's handling of user-supplied input within web interfaces, specifically affecting the way the system processes and renders dynamic content. The flaw enables malicious actors with elevated privileges to craft specially designed links that can execute arbitrary JavaScript code when accessed by unsuspecting users. The vulnerability's classification as high impact stems from its potential to compromise the entire web application ecosystem and the sensitive data it manages.
The technical implementation of this XSS vulnerability occurs through improper input validation and output encoding mechanisms within the ArcGIS Enterprise Sites framework. When authenticated users with administrative privileges create or modify content that gets rendered in web pages, the system fails to adequately sanitize user-provided data before incorporating it into dynamic HTML responses. This allows attackers to inject malicious script payloads that execute within the victim's browser context. The vulnerability specifically affects the application's content management and user interface rendering components, where user-generated content is processed without sufficient security controls to prevent script injection attacks.
Operational exploitation of this vulnerability requires an attacker to possess high-privileged authenticated access to the system, which significantly reduces the attack surface but does not eliminate the risk entirely. Once compromised, attackers can leverage this flaw to steal session cookies and authentication tokens, effectively impersonating legitimate users within the ArcGIS environment. The impact extends beyond simple data theft, as malicious actors can manipulate trusted content displayed to other users, potentially redirecting them to malicious websites or injecting harmful scripts into the application's interface. This capability compromises the application's integrity and availability by allowing attackers to disrupt normal operations through content manipulation and session hijacking attacks.
The security implications of CVE-2023-25837 align with CWE-79, which specifically addresses cross-site scripting vulnerabilities in web applications. This weakness falls under the broader category of injection flaws that compromise web application security and can be exploited to bypass access controls and manipulate application behavior. The vulnerability's exploitation pattern matches techniques documented in the attack tactics and techniques framework, particularly those related to credential access and privilege escalation through web-based attacks. Organizations utilizing ArcGIS Enterprise Sites should implement immediate mitigations including input validation controls, output encoding mechanisms, and comprehensive session management protocols to prevent exploitation of this vulnerability. The recommended remediation approach involves applying the vendor's security patches and implementing additional defensive measures such as content security policies and web application firewalls to provide layered protection against similar attacks.
This vulnerability demonstrates the critical importance of maintaining up-to-date security controls in enterprise GIS platforms, where the compromise of web interfaces can lead to widespread data exposure and operational disruption. The high-impact nature of the flaw necessitates immediate attention from security teams responsible for protecting enterprise mapping and spatial data infrastructure. Organizations should conduct thorough vulnerability assessments to identify similar weaknesses in their web applications and implement comprehensive security monitoring to detect potential exploitation attempts. The incident underscores the need for robust security practices in geospatial information systems where the integrity of mapping data and user sessions directly impacts operational security and business continuity.