CVE-2024-25690

MEDIUM Year: 2024
CVSS v3 Score
4.7
Medium
Weakness Type
CWE-80
View all →

Vulnerability Description

There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.

Related Vulnerabilities

CVE-2021-1420

MEDIUM
CVSS:4.7(Medium)

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improp...

CWE-802021

CVE-2023-24496

MEDIUM
CVSS:4.7(Medium)

Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code i...

CWE-802023

CVE-2023-24497

MEDIUM
CVSS:4.7(Medium)

Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code i...

CWE-802023

CVE-2017-20098

MEDIUM
CVSS:4.8(Medium)

A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent...

CWE-802017

CVE-2019-18944

MEDIUM
CVSS:4.8(Medium)

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.

CWE-802019

CVE-2020-5267

MEDIUM
CVSS:4.8(Medium)

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be...

CWE-802020