Esri ArcGIS Enterprise up to 11.1 Link Cross Site Scripting 🚫 [False-Positive]

Notice

⚠️ This appears to be a false positive. Please check the cited sources and consider not using this entry at all.

Product

Vendor

Name

Version

License

Timeline

09.02.2024
04.04.2024 +54 days
04.04.2024 +0 days
06.01.2025 +277 days

Sources

Advisory: esri.com
False-Positive: Yes

CVE: CVE-2024-25700
GCVE (CVE): GCVE-0-2024-25700
GCVE (VulDB): GCVE-100-259416

Entry

Created: 05.04.2024 00:02
Updated: 06.01.2025 14:06
Changes: 05.04.2024 00:02 (62), 05.04.2024 10:04 (1), 06.01.2025 14:06 (1)


Discussion

Anonymous User
(+0)
2 years ago
Good morning,
The official description provided by NVD Nist is:
"There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions <= 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high. "
Therefore, could you also add the "esri:portal_for_arcgis" cpe?
We would appreciate it very much,
Best Regards,
TEAM CERT
Esri published the CVEs and declared the products mentioned in the JSON files. Their summaries do contradict this somehow. We have tried to align it with the best possible CPE values.
