Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Esri — Vulnerabilities & Security Advisories 147

Browse all 147 CVE security advisories affecting Esri. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Esri:ArcGIS ServerPortal for ArcGISArcGIS EnterpriseArcReaderPortal for ArcGIS Enterprise SitesArcGIS Enterprise Web App BuilderArcGIS Enterprise ServerPortal for ArcGIS SitesArcGIS QuickcapturePortal for ArcGIS Enterprise Experience BuilderArcGIS ProArcGIS InsightsArcGIS GeoEvent ServerPortal for ArcGIS ArcGIS Enterprise BuilderEnterprise Web App BuilderArcGIS AllSourceArcGIS MonitorArcGIS EarthPortal for ArcGIS Enterprise Experience SitesArcGIS Web AppBuilder {Developer Edition)
CVE IDTitleCVSSSeverityPublished
CVE-2023-25830 BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS — Portal for ArcGISCWE-79 6.1 Medium2023-05-09
CVE-2023-25829 BUG-000155001 - Unvalidated redirect in Portal for ArcGIS. — Portal for ArcGISCWE-601 6.1 Medium2023-05-09
CVE-2023-25834 BUG-000142922 Incomplete permission changes in specific cases. — Portal for ArcGISCWE-269 5.4 Medium2023-05-09
CVE-2023-25832 BUG-000148346 There is a Cross-Site Request Forgery (CSRF) vulnerability in Portal for ArcGIS. — Portal for ArcGISCWE-352 8.8 High2023-05-09
CVE-2022-38203 The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only) — Portal for ArcGISCWE-918 7.5 High2022-12-30
CVE-2022-38204 Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) — ArcGIS EnterpriseCWE-79 6.1 Medium2022-12-30
CVE-2022-38205 Portal for ArcGIS has a directory traversal vulnerability (10.9.1, 10.8.1 and 10.7.1 only) — ArcGIS EnterpriseCWE-23 8.6 High2022-12-30
CVE-2022-38206 Reflected XSS vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only) — ArcGIS EnterpriseCWE-79 6.1 Medium2022-12-30
CVE-2022-38207 Reflected XSS vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) — ArcGIS EnterpriseCWE-79 6.1 Medium2022-12-30
CVE-2022-38208 Unvalidated redirect in Portal for ArcGIS — ArcGIS EnterpriseCWE-601 6.1 Medium2022-12-30
CVE-2022-38209 Reflected XSS vulnerability in Portal for ArcGIS — ArcGIS QuickcaptureCWE-79 6.1 Medium2022-12-30
CVE-2022-38210 HTML injection in accountswitcher-callback.html (10.9.1, 10.8.1 and 10.7.1 only) — ArcGIS EnterpriseCWE-80 6.1 Medium2022-12-30
CVE-2022-38211 Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.9.1, 10.8.1 and 10.7.1 only) — ArcGIS EnterpriseCWE-918 7.5 High2022-12-30
CVE-2022-38212 Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS (10.8.1 and 10.7.1 only) — ArcGIS EnterpriseCWE-918 7.5 High2022-12-30
CVE-2022-38202 BUG-000152121 - Directory traversal vulnerability in ArcGIS Server. — ArcGIS ServerCWE-23 7.5 High2022-12-28
CVE-2022-38201 An unvalidated redirect vulnerability exists in Esri ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. — ArcGIS QuickcaptureCWE-601 6.1 Medium2022-11-15
CVE-2022-38195 BUG-000150540 - Reflected XSS vulnerability in ArcGIS Server — ArcGIS ServerCWE-79 6.1 Medium2022-10-25
CVE-2022-38196 BUG-000150537 - ArcGIS Server has a local file inclusion (LFI) vulnerability — ArcGIS ServerCWE-22 6.5 Medium2022-10-25
CVE-2022-38197 BUG-000148347 Unvalidated redirect issues in ArcGIS Server. — ArcGIS ServerCWE-601 6.1 Medium2022-10-25
CVE-2022-38198 BUG-000146513 - Reflected XSS vulnerability in ArcGIS Server — ArcGIS ServerCWE-79 6.1 Medium2022-10-25
CVE-2022-38199 BUG-000144172 - Remote file download issue in ArcGIS Server — ArcGIS ServerCWE-494 6.1 Medium2022-10-25
CVE-2022-38200 BUG-000142376 - Reflected Cross-Site Scripting (XSS) vulnerability in ArcGIS Server. — ArcGIS ServerCWE-79 6.1 Medium2022-10-25
CVE-2022-38189 There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript. — Portal for ArcGISCWE-79 5.4 Medium2022-08-16
CVE-2022-38184 There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 — Portal for ArcGISCWE-284 7.5 High2022-08-16
CVE-2022-38192 There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript. — Portal for ArcGISCWE-79 6.1 Medium2022-08-16
CVE-2022-38193 Code injection issue in Portal for ArcGIS (10.7.1 and 10.8.1) — Portal for ArcGISCWE-95 6.1 Medium2022-08-16
CVE-2022-38194 Portal for ArcGIS system properties are not properly encrypted (10.8.1 only) — Portal for ArcGISCWE-311 6.7 Medium2022-08-16
CVE-2022-38191 HTML injection vulnerability in Portal for ArcGIS — Portal for ArcGISCWE-74 6.1 Medium2022-08-15
CVE-2022-38187 Prevent access to sharing/rest/content/features/analyze to unauthorized users — Portal for ArcGISCWE-918 7.5 High2022-08-15
CVE-2022-38188 Esri Portal For ArcGis 跨站脚本漏洞 — Portal for ArcGISCWE-79 6.1 -2022-08-15

This page lists every published CVE security advisory associated with Esri. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.