CVE-2022-38191: HTML injection vulnerability in Portal for ArcGIS
First published: Mon Aug 15 2022(Updated: )
There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application.
Credit: psirt@esri.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Esri Portal for ArcGIS | <=10.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the HTML injection issue in Esri Portal for ArcGIS?
The vulnerability ID is CVE-2022-38191.
What is the severity level of CVE-2022-38191?
The severity level of CVE-2022-38191 is medium with a CVSS score of 5.4.
Which versions of Esri Portal for ArcGIS are affected by CVE-2022-38191?
Esri Portal for ArcGIS versions 10.9.0 and below are affected by CVE-2022-38191.
What can an attacker do with this vulnerability?
A remote, authenticated attacker may be able to inject HTML into some locations in the home application.
How can I fix CVE-2022-38191?
To fix CVE-2022-38191, you should apply the security update provided by Esri in their blog post.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/title
- agent/severity
- agent/author
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/esri
- canonical/esri portal for arcgis
- version/esri portal for arcgis/10.9