CNNVD-202509-4369 Information
CNNVD ID
CNNVD-202509-4369
Related CVE
- CNNVD Published: 2025-09-29
Description (Chinese)
Esri Portal For ArcGIS是Esri公司的一种允许在组织内与其他人共享地图、场景、应用程序和其他地理信息的组件。 Esri Portal for ArcGIS 11.4及之前版本存在跨站脚本漏洞,该漏洞源于存储型跨站脚本漏洞,可能导致远程攻击者注入恶意文件并执行任意JavaScript代码。
Description (English)
Esri Portal For ArcGIS is a component of Esri that allows for the sharing of maps, scenes, applications and other geographic information within the organization. Esri Portal for ArcGIS 11.4 and earlier versions had a cross-site script loophole, which originated from a storage-type cross-site script loophole, which could result in remote assailants injecting malicious documents and implementing random JavaScript codes.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
环境系统研究所
Published
2025-09-29
Last Modified
2026-02-24
References
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2025-update-3-patch https://vigilance.fr/vulnerability/Portal-for-ArcGIS-multiple-vulnerabilities-dated-16-09-2025-48236