There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated malicious user to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
esri portal for arcgis |