Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Portal for ArcGIS — Vulnerabilities & Security Advisories 50

All 50 CVE vulnerabilities found in Portal for ArcGIS, with AI-generated Chinese analysis, references, and POCs.

Vendor: Esri

CVE IDTitleCVSSSeverityPublished
CVE-2023-25833 BUG-000155004 HTML injection issue in Portal for ArcGIS. CWE-80 5.4 Medium2023-05-10
CVE-2023-25831 BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS. CWE-79 6.1 Medium2023-05-09
CVE-2023-25830 BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS CWE-79 6.1 Medium2023-05-09
CVE-2023-25829 BUG-000155001 - Unvalidated redirect in Portal for ArcGIS. CWE-601 6.1 Medium2023-05-09
CVE-2023-25834 BUG-000142922 Incomplete permission changes in specific cases. CWE-269 5.4 Medium2023-05-09
CVE-2023-25832 BUG-000148346 There is a Cross-Site Request Forgery (CSRF) vulnerability in Portal for ArcGIS. CWE-352 8.8 High2023-05-09
CVE-2022-38203 The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only) CWE-918 7.5 High2022-12-30
CVE-2022-38189 There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript. CWE-79 5.4 Medium2022-08-16
CVE-2022-38184 There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 CWE-284 7.5 High2022-08-16
CVE-2022-38192 There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript. CWE-79 6.1 Medium2022-08-16
CVE-2022-38193 Code injection issue in Portal for ArcGIS (10.7.1 and 10.8.1) CWE-95 6.1 Medium2022-08-16
CVE-2022-38194 Portal for ArcGIS system properties are not properly encrypted (10.8.1 only) CWE-311 6.7 Medium2022-08-16
CVE-2022-38191 HTML injection vulnerability in Portal for ArcGIS CWE-74 6.1 Medium2022-08-15
CVE-2022-38187 Prevent access to sharing/rest/content/features/analyze to unauthorized users CWE-918 7.5 High2022-08-15
CVE-2022-38188 Esri Portal For ArcGis 跨站脚本漏洞 CWE-79 6.1 -2022-08-15
CVE-2022-38190 Stored cross-site scripting vulnerability in Esri Portal for ArcGIS Configurable Apps CWE-79 6.1 Medium2022-08-15
CVE-2022-38186 Esri Portal For ArcGis 跨站脚本漏洞 CWE-79 6.1 -2022-08-15
CVE-2021-29110 Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. CWE-79 5.4 -2021-10-01
CVE-2021-29109 A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9. CWE-79 6.1 -2021-10-01
CVE-2021-29108 There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below. CWE-347 8.8 High2021-10-01

All 50 known CVE vulnerabilities affecting Portal for ArcGIS with full Chinese analysis, references, and POCs where available.