CNNVD-202509-4371 Information
CNNVD ID
CNNVD-202509-4371
Related CVE
- CNNVD Published: 2025-09-29
Description (Chinese)
Esri Portal For ArcGIS是Esri公司的一种允许在组织内与其他人共享地图、场景、应用程序和其他地理信息的组件。 Esri Portal For ArcGIS 11.4及之前版本存在跨站脚本漏洞,该漏洞源于远程认证攻击者可提供特制字符串,可能导致反射型跨站脚本攻击。
Description (English)
Esri Portal For ArcGIS is a component of Esri that allows for the sharing of maps, scenes, applications and other geographic information within the organization. Esri Portal For ArcGIS 11.4 and earlier versions had a cross-site script loophole, which stemmed from the remote authentication that the assailant could provide a special string and could result in a reflex-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
环境系统研究所
Published
2025-09-29
Last Modified
2026-02-24
References
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2025-update-3-patch https://vigilance.fr/vulnerability/Portal-for-ArcGIS-multiple-vulnerabilities-dated-16-09-2025-48236