| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-25708 | Persistent XSS when creating new application using Web App Builder | Esri | ArcGIS Enterprise Web App Builder | Medium | 4.8 | 2024-04-04 17:52:49 | Deep Dive |
| CVE-2024-25692 | BUG-000154722 - Cross-site request forgery (CSRF) issue in Portal for ArcGIS | Esri | Portal for ArcGIS | Medium | 5.4 | 2024-04-04 17:51:48 | Deep Dive |
| CVE-2023-25848 | BUG-000158039 - There is an information disclosure issue in ArcGIS Server. | Esri | ArcGIS Enterprise Server | Medium | 5.3 | 2023-08-25 18:44:14 | Deep Dive |
| CVE-2023-25841 | BUG-000158075 Stored XSS issue in ArcGIS Server | Esri | ArcGIS Enterprise Server | Medium | 6.1 | 2023-07-21 18:38:24 | Deep Dive |
| CVE-2023-25840 | BUG-000154070 Stored XSS issue in the ArcGIS REST Services directory | Esri | ArcGIS Enterprise Server | Low | 3.4 | 2023-07-21 18:37:34 | Deep Dive |
| CVE-2023-25837 | BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS. | Esri | Portal for ArcGIS Sites | High | 8.4 | 2023-07-21 03:42:25 | Deep Dive |
| CVE-2023-25836 | BUG-000135364 XSS in 10.8.1 sites builder iframe source | Esri | Portal for ArcGIS Sites | Medium | 5.4 | 2023-07-21 03:41:09 | Deep Dive |
| CVE-2023-25835 | BUG-000153659 ArcGIS Enterprise Sites has a stored XSS vulnerability | Esri | Portal for ArcGIS Sites | High | 8.4 | 2023-07-20 23:30:50 | Deep Dive |
| CVE-2023-25839 | BUG-000157278 – ArcGIS Insights has a security vulnerability - desktop | Esri | ArcGIS Insights | High | 7.0 | 2023-07-19 15:45:47 | Deep Dive |
| CVE-2023-25838 | BUG-000157278 – ArcGIS Insights has a security vulnerability. | Esri | ArcGIS Insights | High | 7.5 | 2023-07-19 15:37:15 | Deep Dive |
| CVE-2023-25833 | BUG-000155004 HTML injection issue in Portal for ArcGIS. | Esri | Portal for ArcGIS | Medium | 5.4 | 2023-05-10 00:00:00 | Deep Dive |
| CVE-2023-25831 | BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS. | Esri | Portal for ArcGIS | Medium | 6.1 | 2023-05-09 20:45:20 | Deep Dive |
| CVE-2023-25830 | BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS | Esri | Portal for ArcGIS | Medium | 6.1 | 2023-05-09 16:31:21 | Deep Dive |
| CVE-2023-25829 | BUG-000155001 - Unvalidated redirect in Portal for ArcGIS. | Esri | Portal for ArcGIS | Medium | 6.1 | 2023-05-09 16:00:29 | Deep Dive |
| CVE-2023-25832 | BUG-000148346 There is a Cross-Site Request Forgery (CSRF) vulnerability in Portal for ArcGIS. | Esri | Portal for ArcGIS | High | 8.8 | 2023-05-09 00:00:00 | Deep Dive |
| CVE-2023-25834 | BUG-000142922 Incomplete permission changes in specific cases. | Esri | Portal for ArcGIS | Medium | 5.4 | 2023-05-09 00:00:00 | Deep Dive |
| CVE-2022-38203 | The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only) | Esri | Portal for ArcGIS | High | 7.5 | 2022-12-30 05:13:00 | Deep Dive |
| CVE-2022-38204 | Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) | Esri | ArcGIS Enterprise | Medium | 6.1 | 2022-12-30 05:13:00 | Deep Dive |
| CVE-2022-38205 | Portal for ArcGIS has a directory traversal vulnerability (10.9.1, 10.8.1 and 10.7.1 only) | Esri | ArcGIS Enterprise | High | 8.6 | 2022-12-30 05:13:00 | Deep Dive |
| CVE-2022-38206 | Reflected XSS vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only) | Esri | ArcGIS Enterprise | Medium | 6.1 | 2022-12-30 05:13:00 | Deep Dive |