There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. The privileges required to execute this attack are high.
The impact to Confidentiality, Integrity and Availability are High.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Esri
Published: 2023-07-21T03:42:24.610Z
Updated: 2024-01-29T21:26:29.386Z
Reserved: 2023-02-15T17:59:31.097Z
Link: CVE-2023-25837
JSON object: View
NVD Information
Status : Modified
Published: 2023-07-21T04:15:12.377
Modified: 2024-01-29T22:15:08.220
Link: CVE-2023-25837
JSON object: View
Redhat Information
No data.
CWE