There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. The privileges required to execute this attack are low.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Esri
Published: 2023-07-21T03:41:09.485Z
Updated: 2023-11-30T15:24:14.908Z
Reserved: 2023-02-15T17:59:31.097Z
Link: CVE-2023-25836
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-21T04:15:11.917
Modified: 2023-08-07T19:33:38.560
Link: CVE-2023-25836
JSON object: View
Redhat Information
No data.
CWE