CVE-2023-25835

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jul 21, 2023

Updated: Jan 29, 2024

CWE ID 79

Summary

CVE-2023-25835 is a stored Cross-site Scripting (XSS) vulnerability affecting Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 to 11.1. An authenticated attacker can exploit this flaw by creating a malicious link and storing it in the site configuration. Upon clicking the link, victims' browsers may execute arbitrary JavaScript code, leading to potential data theft, website defacement, or other malicious activities. The required attacker privileges are high, and the impact on Confidentiality, Integrity, and Availability is also considered high.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Esri

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r6Ea9R
https://www.cve.org/CVERecord?id=CVE-2023-25835
https://nvd.nist.gov/vuln/detail/CVE-2023-25835

Back to Vulnerability Database

CVE-2023-25835

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations