{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T23:13:58.207","vulnerabilities":[{"cve":{"id":"CVE-2024-38039","sourceIdentifier":"psirt@esri.com","published":"2024-10-04T18:15:07.633","lastModified":"2024-10-15T14:34:00.893","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered)."},{"lang":"es","value":"Hay una vulnerabilidad de inyección HTML en Esri Portal for ArcGIS versiones 11.0 y anteriores que puede permitir que un atacante remoto y autenticado cree un enlace diseñado que, al hacer clic, podría generar HTML arbitrario en el navegador de la víctima (no se realizan cambios con estado ni se representan datos del cliente)."}],"metrics":{"cvssMetricV31":[{"source":"psirt@esri.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@esri.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*","versionEndIncluding":"11.0","matchCriteriaId":"6BE67D5A-F389-4819-BEF6-F17CE6114D54"}]}]}],"references":[{"url":"https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/","source":"psirt@esri.com","tags":["Vendor Advisory"]}]}}]}