Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esri arcgis vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-38203
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated malicious user to forge requests to arbitrary URLs from the system, potentially lead...
Esri Portal For Arcgis
NA
CVE-2022-38205
In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated malicious user to traverse the file system and lead to the disclosure of sensitive data (not customer-published content).
Esri Portal For Arcgis
NA
CVE-2022-38206
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated malicious user to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis
NA
CVE-2022-38208
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated malicious user to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Esri Portal For Arcgis
NA
CVE-2022-38209
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser.
Esri Portal For Arcgis
NA
CVE-2022-38210
There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
Esri Portal For Arcgis
NA
CVE-2023-25833
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated malicious user to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or custo...
Esri Portal For Arcgis
NA
CVE-2023-25835
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated malicious user to create a crafted link that is stored in the site configuration which when clicked could potential...
Esri Portal For Arcgis
NA
CVE-2023-25836
There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The pr...
Esri Portal For Arcgis
NA
CVE-2023-25838
There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized malicious user to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit...
Esri Arcgis Insights 2022.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »