There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Esri
Published: 2023-05-10T00:00:00
Updated: 2023-05-22T00:00:00
Reserved: 2023-02-15T00:00:00
Link: CVE-2023-25833
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-05-10T02:15:08.933
Modified: 2024-02-01T15:46:30.307
Link: CVE-2023-25833
JSON object: View
Redhat Information
No data.