Vulnerability Description
There is a cross‑site scripting (XSS) vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser. Exploitation requires basic authenticated access but does not require elevated or administrative privileges, indicating low privileges are required.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Esri | Portal For Arcgis | <= 11.1 |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2024-25705?
CVE-2024-25705 is a vulnerability with a CVSS score of 5.4 (MEDIUM). There is a cross‑site scripting (XSS) vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑priv...
How severe is CVE-2024-25705?
CVE-2024-25705 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-25705?
Check the references section above for vendor advisories and patch information. Affected products include: Esri Portal For Arcgis, Linux Linux Kernel, Microsoft Windows.