CVE-2025-57873
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-17
Assigner: Environmental Systems Research Institute, Inc.
Description
Description
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| esri | portal_for_arcgis | 10.9.1 |
| esri | portal_for_arcgis | 10.9.1 |
| esri | portal_for_arcgis | 10.9.1 |
| esri | portal_for_arcgis | 11.0 |
| esri | portal_for_arcgis | 11.1 |
| esri | portal_for_arcgis | 11.1 |
| esri | portal_for_arcgis | 11.1 |
| esri | portal_for_arcgis | 11.1 |
| esri | portal_for_arcgis | 11.1 |
| esri | portal_for_arcgis | 11.2 |
| esri | portal_for_arcgis | 11.2 |
| esri | portal_for_arcgis | 11.2 |
| esri | portal_for_arcgis | 11.2 |
| esri | portal_for_arcgis | 11.2 |
| esri | portal_for_arcgis | 11.3 |
| esri | portal_for_arcgis | 11.3 |
| esri | portal_for_arcgis | 11.3 |
| esri | portal_for_arcgis | 11.4 |
| esri | portal_for_arcgis | 11.4 |
| esri | portal_for_arcgis | 11.4 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
