CVE-2025-55103
BUG-000177333 - ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
21 ago 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
Esri · Portal for ArcGIS Enterprise SitesQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →