Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
esri arcgis vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25833
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated malicious user to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or custo...
Esri Portal For Arcgis
NA
CVE-2023-25834
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.
Esri Portal For Arcgis
NA
CVE-2023-25835
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated malicious user to create a crafted link that is stored in the site configuration which when clicked could potential...
Esri Portal For Arcgis
NA
CVE-2023-25836
There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated malicious user to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The pr...
Esri Portal For Arcgis
NA
CVE-2023-25837
There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated malicious user to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the tar...
Esri Portal For Arcgis
NA
CVE-2023-25838
There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized malicious user to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit...
Esri Arcgis Insights 2022.1
312
VMScore
CVE-2019-16193
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature.
Esri Arcgis Enterprise 10.6.1
578
VMScore
CVE-2021-29108
There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrap...
Esri Portal For Arcgis
312
VMScore
CVE-2021-29110
Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated malicious user to pass and store malicious strings in the home application.
Esri Portal For Arcgis
383
VMScore
CVE-2014-5121
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Esri Arcgis Server 10.1.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »