CVE-2025-55104

Medium CVSS: 4.8

A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute in the victim's browser.

Vendor

Esri

Product

Portal For Arcgis

CWE

CWE-79

Yayın Tarihi

2025-08-21 20:15:46

Güncelleme

2025-09-05 15:10:03

Source Identifier

psirt@esri.com

KEV Date Added

Kategoriler

CWE-79 Portal For Arcgis MEDIUM Esri 2025

Referanslar

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/2925891-2

Benzer Kayıtlar

Medium

CVE-2026-1446

There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop appli…

Medium

CVE-2025-67709