CVE 4.8 MEDIUM

BUG-000177333 – ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability._CVE-2025-55103

August 21, 2025 invoker category_cve
4.8 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Description

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.

Basic Information

ID CVE-2025-55103
Source Esri
Published Aug 21, 2025 at 19:25
Modified Aug 21, 2025 at 20:15

Affected Product

Vendor Esri
Product Portal for ArcGIS Enterprise Sites
Version 10.9.1
Affected Versions Esri Portal for ArcGIS Enterprise Sites 10.9.1

CWE Classification

CWE-79

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.