CNNVD-202509-4375 Information
Sep 29, 2025
cve
CNNVD ID
CNNVD-202509-4375
Related CVE
- CNNVD Published: 2025-09-29
Description (Chinese)
Esri Portal For ArcGIS是Esri公司的一种允许在组织内与其他人共享地图、场景、应用程序和其他地理信息的组件。 Esri Portal For ArcGIS 11.4及之前版本存在跨站脚本漏洞,该漏洞源于未验证输入,可能导致反射型跨站脚本攻击。
Description (English)
Esri Portal For ArcGIS is a component of Esri that allows for the sharing of maps, scenes, applications and other geographic information within the organization. Esri Portal For ArcGIS 11.4 and earlier versions had a cross-site script loophole, which originated from unverified input and could lead to a reflective cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
环境系统研究所
Published
2025-09-29
Last Modified
2026-02-24
References
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2025-update-3-patch https://vigilance.fr/vulnerability/Portal-for-ArcGIS-multiple-vulnerabilities-dated-16-09-2025-48236