CVE-2021-29110 MEDIUM

CVE-2021-29110: Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application.

Vendor Esri

Product Portal for ArcGIS

Weakness CWE-79 · XSS

Published October 1, 2021

Last update April 10, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application.

Key dates

02Disclosure timeline

October 1, 2021 CVE published

April 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-29110 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-8666 Shoutcast Icecast HTML5 Radio Player <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2020-4038 Reflected XSS in GraphQL Playground CVE-2021-24204 Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Accordion Widget CVE-2025-59988 Junos Space: Generate Report page is vulnerable to reflected cross-site script injection CVE-2024-41656 Sentry vulnerable to stored Cross-Site Scripting (XSS)