{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T20:51:54.770","vulnerabilities":[{"cve":{"id":"CVE-2024-25700","sourceIdentifier":"psirt@esri.com","published":"2024-04-04T18:15:11.837","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in a web map link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.  The privileges required to execute this attack are high."},{"lang":"es","value":"Hay una vulnerabilidad de cross-site scripting almacenado en Esri Portal for ArcGIS Enterprise Web App Builder versiones 11.1 e inferiores que puede permitir a un atacante remoto y autenticado crear un enlace manipulado que se almacena en un enlace de mapa web que, al hacer clic, podría ejecutar código JavaScript arbitrario en el navegador de la víctima. Los privilegios necesarios para ejecutar este ataque son altos."}],"metrics":{"cvssMetricV31":[{"source":"psirt@esri.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@esri.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2/","source":"psirt@esri.com"}]}}]}