{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T15:48:29.323","vulnerabilities":[{"cve":{"id":"CVE-2024-25709","sourceIdentifier":"psirt@esri.com","published":"2024-04-04T18:15:13.340","lastModified":"2026-02-13T19:41:45.883","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScript code in a victim’s browser. Exploitation does not require any privileges and can be performed by an anonymous user."},{"lang":"es","value":"Existe una vulnerabilidad de Cross-site Scripting Almacenado en Esri Portal for ArcGIS versiones 10.8.1 – 1121 que puede permitir que un atacante remoto autenticado cree un vínculo manipulado que se puede guardar como una nueva ubicación al mover un elemento existente, lo que potencialmente ejecutará código JavaScript arbitrario en el navegador de la víctima. Los privilegios necesarios para ejecutar este ataque son altos."}],"metrics":{"cvssMetricV31":[{"source":"psirt@esri.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@esri.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:esri:portal_for_arcgis:10.8.1:*:*:*:*:*:*:*","matchCriteriaId":"FDE382B5-E228-4803-A3FC-B803C7838777"},{"vulnerable":true,"criteria":"cpe:2.3:a:esri:portal_for_arcgis:10.9.1:*:*:*:*:*:*:*","matchCriteriaId":"1DCD5CA4-4423-4AC2-A9B8-3FCACC4E43ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:esri:portal_for_arcgis:11.0:*:*:*:*:*:*:*","matchCriteriaId":"2A62FCB5-12A6-487C-BCA9-0AD3F11354CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:esri:portal_for_arcgis:11.1:*:*:*:*:*:*:*","matchCriteriaId":"A0DAF61C-E776-4E31-8E39-92636B459A3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:esri:portal_for_arcgis:11.2:*:*:*:*:*:*:*","matchCriteriaId":"F2E37361-8569-4023-BC3E-F36E7607CC7D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1/","source":"psirt@esri.com","tags":["Not Applicable"]}]}}]}