CVE-2025-55107
BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
21 ago 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
There is a stored
Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites
versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to
inject malicious a file with an embedded xss script which when loaded could
potentially execute arbitrary JavaScript code in the victim’s browser. The
privileges required to execute this attack are high. The attack could
disclose a privileged token which may result in the attacker gaining full
control of the Portal.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
Esri · Portal for ArcGIS Enterprise SitesQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →