CVE-2024-38039
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
04/10/2024
Last modified:
15/10/2024
Description
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered).
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:* | 11.0 (including) |
To consult the complete list of CPE names with products and versions, see this page