There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated malicious user to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
esri portal for arcgis |