Vulnerabilities in Esri
150 resultsCVE-2024-51962HIGHSQL injection vulnerability in ArcGIS ServerEPSS 0.5%CVE-2024-25705MEDIUMCross site scripting issue in embed widgetEPSS 0.5%CVE-2024-25690MEDIUMHTML injection in ArcGIS Web AppBuilderEPSS 0.5%CVE-2024-38040HIGHBUG-000167984 - Portal for ArcGIS has a Local file inclusion (LFI) vulnerabilityEPSS 0.5%CVE-2024-25695HIGHconcatenated errors resulting in cross site scripting and frame injection issues.EPSS 0.5%CVE-2024-25709MEDIUMSelf-XSS style in move item dialogEPSS 0.5%CVE-2023-25833MEDIUMBUG-000155004 HTML injection issue in Portal for ArcGIS.EPSS 0.4%CVE-2024-51961HIGHLocal file inclusion (LFI) vulnerability in ArcGIS ServerEPSS 0.4%CVE-2024-25698MEDIUMReflected XSS in Portal for ArcGISEPSS 0.4%CVE-2024-25706MEDIUMHTMLi at createFolder Content InjectionEPSS 0.4%CVE-2021-29117HIGHarcreader use-after-freeEPSS 0.4%CVE-2025-4967CRITICALServer Side Request Forgery (SSRF) vulnerability in Portal for ArcGISEPSS 0.4%CVE-2024-8149MEDIUMBUG-000168624 - Unvalidated redirect in Portal for ArcGIS.EPSS 0.4%CVE-2023-25840LOWBUG-000154070 Stored XSS issue in the ArcGIS REST Services directoryEPSS 0.4%CVE-2024-25697MEDIUMStored XSS in Portal for ArcGISEPSS 0.4%CVE-2022-38195MEDIUMBUG-000150540 - Reflected XSS vulnerability in ArcGIS ServerEPSS 0.4%CVE-2024-25700MEDIUMPersistent XSS in URL added to a shared mapEPSS 0.4%CVE-2024-25696MEDIUMStored XSS in Portal for ArcGISEPSS 0.4%CVE-2024-25708MEDIUMPersistent XSS when creating new application using Web App BuilderEPSS 0.4%CVE-2025-1726MEDIUM[#BUG-000172669 ArcGIS Monitor has a security vulnerability]EPSS 0.4%