Esri ArcGIS Enterprise up to 11.1 Link cross-site scripting 🚫 [False positive]

Advisory

⚠️ This issue appears to be a false positive. Please verify the sources mentioned and consider not using this entry at all.

Product

Vendor

Name

Version

License

Timeline

2024-02-09
2024-04-04 +54 days
2024-04-04 +0 days
2025-01-06 +277 days

Sources

Advisory: esri.com
False positive: Yes

CVE: CVE-2024-25700
GCVE (CVE): GCVE-0-2024-25700
GCVE (VulDB): GCVE-100-259416

Entry

Created: 2024-04-05 00:02
Updated: 2025-01-06 14:06
Changes: 2024-04-05 00:02 (62), 2024-04-05 10:04 (1), 2025-01-06 14:06 (1)
Complete:
Cache ID: 216::103


Discussion

 Anonymous User
(+0)
2 years ago
Good morning,
The official description provided by NVD Nist is:
"There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions <= 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high. "
Therefore, could you also add the "esri:portal_for_arcgis" cpe?
We would appreciate it very much,
Best Regards,
TEAM CERT
Esri published the CVEs and declared the products mentioned in the JSON files. Their summaries do contradict this somehow. We have tried to align it with the best possible CPE values.
