Esri ArcGIS Enterprise up to 11.1 Link cross site scripting 🚫 [False positive]

Notice

⚠️ This issue appears to be a false positive. Please verify the sources mentioned and consider not using this entry at all.

Product

Vendor

Name

Version

License

Timeline

09/02/2024 🔍
04/04/2024 +54 days 🔍
04/04/2024 +0 days 🔍
06/01/2025 +277 days 🔍

Sources

Advisory: esri.com
False positive: Yes

CVE: CVE-2024-25700 (🔍)
GCVE (CVE): GCVE-0-2024-25700
GCVE (VulDB): GCVE-100-259416

Entry

Created: 05/04/2024 00:02
Updated: 06/01/2025 14:06
Changes: 05/04/2024 00:02 (62), 05/04/2024 10:04 (1), 06/01/2025 14:06 (1)
Complete: 🔍

Discussion

Anonymous User
(+0)
2 years ago
Good morning,
The official description provided by NVD Nist is:
"There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions <= 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high. "
Therefore, could you also add the "esri:portal_for_arcgis" cpe?
We would appreciate it very much,
Best Regards,
TEAM CERT
Esri published the CVEs and declared the products mentioned in the JSON files. Their summaries do contradict this somehow. We have tried to align it with the best possible CPE values.
