CNNVD-202508-2552 Information
CNNVD ID
CNNVD-202508-2552
Related CVE
- CNNVD Published: 2025-08-21
Description (Chinese)
Esri Portal for ArcGIS Enterprise Sites是美国Esri公司的一款地理信息门户发布软件。 Esri Portal for ArcGIS Enterprise Sites 10.9.1至11.4版本存在跨站脚本漏洞,该漏洞源于容易受到存储型跨站脚本攻击,可能导致执行任意JavaScript代码。
Description (English)
Esri Portal for ArcGIS Enterpriseites is a geo-information portal publishing software for the United States company Esri. Versions 10.9.1 to 11.4 of Esri Portal for ArcGIS Enterpriseites contain a cross-site script loophole, which stems from their vulnerability to storage-type cross-station script attacks and may lead to the implementation of arbitrary JavaScript codes.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
环境系统研究所
Published
2025-08-21
Last Modified
2026-02-24
References
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/2925891-2 https://nvd.nist.gov/vuln/detail/CVE-2025-55106
Patch
https://support.esri.com/en-us/products/arcgis-enterprise/life-cycle
Share on: