BUG-000173918 – ArcGIS Enterprise Sites has a security vulnerability.

4.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Description

A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute in the victim's browser.

Basic Information

ID CVE-2025-55104

Source Esri

Published Aug 21, 2025 at 19:28

Modified Aug 21, 2025 at 20:04

Affected Product

Vendor Esri

Product Portal for ArcGIS Enterprise Sites

Version 10.9.1

Affected Versions Esri Portal for ArcGIS Enterprise Sites 10.9.1

CWE Classification

CWE-79

References

www.esri.com /arcgis-blog/products/trust-arcgis/administration/2925891-2

{
    "lastseen": "",
    "description": "A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute in the victim's browser.",
    "published": "2025-08-21T19:28:43.077Z",
    "modified": "2025-08-21T20:04:38.047Z",
    "type": "cve",
    "title": "BUG-000173918 - ArcGIS Enterprise Sites has a security vulnerability.",
    "source": "Esri",
    "references": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/2925891-2",
    "id": "CVE-2025-55104",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Esri Portal for ArcGIS Enterprise Sites 10.9.1",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Portal for ArcGIS Enterprise Sites",
    "version": "10.9.1",
    "vendor": "Esri",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

BUG-000173918 – ArcGIS Enterprise Sites has a security vulnerability._CVE-2025-55104