First published: Thu Dec 29 2022(Updated: )
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser.
Credit: psirt@esri.com
Affected Software | Affected Version | How to fix |
---|---|---|
Esri Portal for ArcGIS | <=10.9.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-38206 is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below.
CVE-2022-38206 allows a remote attacker to create a crafted link that, when clicked, could execute arbitrary JavaScript code in the victim's browser.
CVE-2022-38206 has a severity rating of medium with a CVSS score of 6.1.
Esri Portal for ArcGIS versions 10.9.1 and below are affected by CVE-2022-38206.
To fix CVE-2022-38206, it is recommended to update Esri Portal for ArcGIS to the latest version available.