CVE-2023-25831 MEDIUM

CVE-2023-25831: BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS.

Vendor Esri

Product Portal for ArcGIS

Weakness CWE-79 · XSS

Published May 9, 2023

Last update April 10, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

Key dates

02Disclosure timeline

May 9, 2023 CVE published

April 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-25831

Related vulnerabilities

04Related CVE

CVE-2025-15202 SohuTV CacheCloud TaskController.java taskQueueList cross site scripting CVE-2013-10028 EELV Newsletter Plugin lettreinfo.php style_newsletter cross site scripting CVE-2026-25136 Rucio WebUI has a Reflected Cross-site Scripting Vulnerability CVE-2024-2138 JetWidgets For Elementor <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Box Widget CVE-2025-12880 Progress Bar Blocks for Gutenberg <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG