Esri Vulnerabilities
Comprehensive security vulnerability database for Esri products
2
0
3
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2024-25709 | 6.1 | An attacker can create a malicious link that, when saved by a user in Esri Portal for ArcGIS, can run harmful JavaScript code in that user's web browser. This can be done by anyone, even without special permissions, as long as they are logged in to the system. | esriportal for arcgis | Theoretical | almost 2 years agoApr 4, 2024 |
| CVE-2024-25705 | 5.4 | This vulnerability allows an attacker with basic access to create a malicious link that, when clicked by a user, can run harmful JavaScript code in their browser. The attacker only needs to be logged in with low-level permissions, making it relatively easy to exploit. | esriportal for arcgis | Exploit Available | almost 2 years agoApr 4, 2024 |
About Esri Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Esri products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.