esri

168 tracked vulnerabilities.

CVE-2024-51949 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
Mar 03, 2025
CVSS 4.8
EPSS 0.00
CVE-2024-51948 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
Mar 03, 2025
CVSS 4.8
EPSS 0.00
CVE-2024-51947 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
Mar 03, 2025
CVSS 4.8
EPSS 0.00
CVE-2024-51946 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
Mar 03, 2025
CVSS 4.8
EPSS 0.00
CVE-2024-51945 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
Mar 03, 2025
CVSS 4.8
EPSS 0.00
CVE-2024-51944 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
Mar 03, 2025
CVSS 4.8
EPSS 0.00
CVE-2024-51942 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
Mar 03, 2025
CVSS 4.8
EPSS 0.00
CVE-2024-10904 MEDIUM
ArcGIS Server < 11.3 - Authenticated Stored Cross-Site Scripting
Mar 03, 2025
CVSS 4.8
EPSS 0.00
CVE-2024-8149 MEDIUM
Esri Portal for ArcGIS 11.1-11.2 - XSS
Oct 04, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-8148 MEDIUM
Esri Portal for ArcGIS <11.2 - Open Redirect
Oct 04, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-38040 HIGH
Esri Portal for ArcGIS <11.2 - Info Disclosure
Oct 04, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-38039 MEDIUM
Esri Portal for ArcGIS <=11.0 - XSS
Oct 04, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-38038 MEDIUM
Esri Portal for ArcGIS 11.1 - Unauthenticated Reflected Cross-Site Scripting
Oct 04, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-38037 MEDIUM
Esri Portal for ArcGIS <11.0 - Open Redirect
Oct 04, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-38036 MEDIUM
Esri Portal for ArcGIS <10.9.1 - XSS
Oct 04, 2024
CVSS 5.4
EPSS 0.03
CVE-2024-25707 MEDIUM
Esri Portal for ArcGIS < 11.1 - Authenticated Reflected Cross-Site Scripting
Oct 04, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-25702 MEDIUM
Esri Portal for ArcGIS < 11.1 - Authenticated Stored Cross-Site Scripting via Enterprise Sites Configuration
Oct 04, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-25701 MEDIUM
Esri Portal for ArcGIS 10.8.1-11.1 - Authenticated Stored Cross-Site Scripting in Experience Builder Embed Widget
Oct 04, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-25694 MEDIUM
Esri Portal for ArcGIS 10.8.1-10.9.1 - Authenticated Stored Cross-Site Scripting in Layer Showcase Application
Oct 04, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-25691 MEDIUM
Esri Portal for ArcGIS <= 11.1 - Unauthenticated Reflected Cross-Site Scripting
Oct 04, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-25709 MEDIUM
Esri Portal for ArcGIS <= 11.2 - Stored Cross-Site Scripting via Item Move Location Link
Apr 04, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-25708 MEDIUM
Esri Portal for ArcGIS Enterprise Web App Builder <= 10.9.1 - Authenticated Stored Cross-Site Scripting
Apr 04, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-25706 MEDIUM
Esri Portal for ArcGIS < 11.0 - Unauthenticated HTML Injection via Crafted URL
Apr 04, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-25705 MEDIUM
Esri Portal for ArcGIS < 11.1 - Authenticated Stored Cross-Site Scripting
Apr 04, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-25700 MEDIUM
Esri Portal for ArcGIS Enterprise Web App Builder <11.1 - XSS
Apr 04, 2024
CVSS 4.8
EPSS 0.00
Products
portal_for_arcgis 73 arcgis_server 67 arcgis_pro 6 arcreader 6 arcgis_enterprise 5 arcmap 4 arcgis_engine 3 ArcGIS Server 2 Portal for ArcGIS 2 arcgis_allsource 2 arcgis_insights 2 arcinfo_workstation 2 arcsde 2 ArcGIS Enterprise Builder 1 ArcGIS Monitor 1 ArcGIS Web AppBuilder {Developer Edition) 1 arcgis_earth 1 arcgis_for_desktop 1 arcgis_for_engine 1 arcgis_geoevent_server 1 arcgis_quickcapture 1 arcgisruntime_sdk 1 arcpad 1
Quick Filters
Critical CVEs With Exploits In CISA KEV