CVE-2022-38189 Information

Description

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.

Reference

https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2022-update-1-patch/