CVE-2021-29109 MEDIUM

CVE-2021-29109: A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9.

Vendor Esri

Product Portal for ArcGIS

Weakness CWE-79 · XSS

Published October 1, 2021

Last update April 10, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.

Key dates

02Disclosure timeline

October 1, 2021 CVE published

April 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-29109

Related vulnerabilities

04Related CVE

CVE-2025-53253 WordPress WP Edit plugin <= 4.0.4 - Cross Site Scripting (XSS) Vulnerability CVE-2023-6609 osCommerce all-products cross site scripting CVE-2025-47000 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-6382 Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-9850 Evenium <= 1.3.11 - Authenticated (Contributor+) Stored Cross-Site Scripting