CVE 4.8 MEDIUM

BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability._CVE-2025-55107

August 21, 2025 invoker category_cve
4.8 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Description

There is a stored
Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites
versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to
inject malicious a file with an embedded xss script which when loaded could
potentially execute arbitrary JavaScript code in the victim’s browser. The
privileges required to execute this attack are high. The attack could
disclose a privileged token which may result in the attacker gaining full
control of the Portal.

Basic Information

ID CVE-2025-55107
Source Esri
Published Aug 21, 2025 at 19:29
Modified Aug 21, 2025 at 20:02

Affected Product

Vendor Esri
Product Portal for ArcGIS Enterprise Sites
Version 10.9.1
Affected Versions Esri Portal for ArcGIS Enterprise Sites 10.9.1

CWE Classification

CWE-79

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.