CVE-2023-25830 MEDIUM

CVE-2023-25830: BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS

Vendor Esri
Product Portal for ArcGIS
Weakness CWE-79 · XSS
Published May 9, 2023
Last update April 10, 2025
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

Key dates

02Disclosure timeline

May 9, 2023 CVE published
April 10, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-51849 WordPress My Restaurant Menu plugin <= 0.2.0 - Cross Site Scripting (XSS) vulnerability CVE-2025-9332 Interactive Medical Drawing of Human Body <= 2.6 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2025-4392 Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function CVE-2026-48301 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-36225 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)