CVE-2022-38210

There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.
Configurations

Configuration 1 (hide)

cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:16

Type Values Removed Values Added
References () https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available - Vendor Advisory () https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available - Vendor Advisory

27 Jun 2023, 20:14

Type Values Removed Values Added
New CVE

Information

Published : 2022-12-29 20:15

Updated : 2024-11-21 07:16


NVD link : CVE-2022-38210

Mitre link : CVE-2022-38210

CVE.ORG link : CVE-2022-38210


JSON object : View

Products Affected

esri

  • portal_for_arcgis
CWE
CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')