Portal for ArcGIS — Vulnerabilities & Security Advisories (50)

All 50 CVE vulnerabilities found in Portal for ArcGIS, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities associated with Portal for ArcGIS, an enterprise geographic information system developed by Esri. It specifically addresses weaknesses within this commercial platform that may allow unauthorized access, data exposure, or service disruption. The content aggregates vulnerability records affecting Portal for ArcGIS across multiple software versions, covering incidents reported from 2012 through the present. This collection includes flaws related to authentication bypasses, cross-site scripting, insecure direct object references, and other common weakness categories that impact the product’s integrity and availability. The dataset is compiled from vendor advisories, third-party security disclosures, and public vulnerability databases to provide a comprehensive historical view. Readers can use this resource to track Esri’s response timelines and patch release schedules for specific security issues. It enables users to understand the nature and severity of identified weakness classes within the context of this GIS software. Additionally, administrators and security analysts can look up the product’s vulnerability history to assess past risks and inform current mitigation strategies. This information supports informed decision-making regarding system updates, configuration hardening, and long-term security posture evaluation for deployments using Portal for ArcGIS. The goal is to provide factual, structured data that facilitates proactive risk management without speculative commentary or promotional language.

Vendor: Esri

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-33519 | Incorrect privilege assignment in Portal for ArcGIS | CWE-266 | 9.8 | Critical | 2026-04-21 |
| CVE-2026-33518 | Incorrect privilege assignment in Portal for ArcGIS | CWE-266 | 9.8 | Critical | 2026-04-21 |
| CVE-2025-57871 | BUG-000174020 - Reflected XSS vulnerability identified in Portal for ArcGIS. (11.3, 11.1, 10.9.1) | CWE-79 | 4.8 | Medium | 2025-09-29 |
| CVE-2025-57872 | BUG-000174150 - Unvalidated redirect in Portal for ArcGIS. | CWE-601 | 6.1 | Medium | 2025-09-29 |
| CVE-2025-57873 | BUG-000175222 - Reflected XSS vulnerability in Portal for ArcGIS. | CWE-79 | 4.8 | Medium | 2025-09-29 |
| CVE-2025-57874 | BUG-000161627 - Reflected XSS vulnerability in Portal for ArcGIS. (11.3, 11.1, 10.9.1) | CWE-79 | 4.8 | Medium | 2025-09-29 |
| CVE-2025-57875 | BUG-000164122 - Reflected XSS vulnerability in Portal for ArcGIS. | CWE-79 | 4.8 | Medium | 2025-09-29 |
| CVE-2025-57877 | Reflected XSS vulnerability in Portal for ArcGIS. | CWE-79 | 4.8 | Medium | 2025-09-29 |
| CVE-2025-57878 | BUG-000174149 - The Portal for ArcGIS has an unvalidated redirect. | CWE-601 | 6.1 | Medium | 2025-09-29 |
| CVE-2025-57879 | BUG-000171009 - URL manipulation vulnerability in Portal for ArcGIS. | CWE-601 | 6.1 | Medium | 2025-09-29 |
| CVE-2025-57876 | Stored XSS vulnerability in Portal for ArcGIS | CWE-79 | 4.8 | Medium | 2025-09-29 |
| CVE-2025-4967 | Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS | CWE-918 | 9.1 | Critical | 2025-05-29 |
| CVE-2025-2538 | BUG-000174336 | CWE-798 | 9.8 | Critical | 2025-03-20 |
| CVE-2024-38040 | BUG-000167984 - Portal for ArcGIS has a Local file inclusion (LFI) vulnerability | CWE-73 | 7.5 | High | 2024-10-04 |
| CVE-2024-38038 | BUG-000165732 - Reflected XSS in Portal for ArcGIS | CWE-79 | 6.1 | Medium | 2024-10-04 |
| CVE-2024-25691 | BUG-000165286 - Reflected XSS in Portal for ArcGIS | CWE-79 | 6.1 | Medium | 2024-10-04 |
| CVE-2024-25707 | BUG-000160241 - Reflected XSS in Portal for ArcGIS | CWE-79 | 4.8 | Medium | 2024-10-04 |
| CVE-2024-8149 | BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. | CWE-79 | 4.6 | Medium | 2024-10-04 |
| CVE-2024-38039 | BUG-000161683 - HTML injection vulnerability in Portal for ArcGIS. | CWE-80 | 5.4 | Medium | 2024-10-04 |
| CVE-2024-8148 | BUG-000168624 - Unvalidated redirect in Portal for ArcGIS. (11.2, 11.1, 10.9.1. and 10.8.1) | CWE-601 | 6.1 | Medium | 2024-10-04 |
| CVE-2024-38037 | BUG-000167983 - Unvalidated redirect in Portal for ArcGIS | CWE-601 | 6.1 | Medium | 2024-10-04 |
| CVE-2024-25699 | Portal for ArcGIS has an invalid authentication vulnerability | CWE-287 | 8.5 | High | 2024-04-04 |
| CVE-2024-25705 | Cross site scripting issue in embed widget | CWE-79 | 5.4 | Medium | 2024-04-04 |
| CVE-2024-25706 | HTMLi at createFolder Content Injection | CWE-94 | 6.1 | Medium | 2024-04-04 |
| CVE-2024-25709 | Self-XSS style in move item dialog | CWE-79 | 6.1 | Medium | 2024-04-04 |
| CVE-2024-25698 | Reflected XSS in Portal for ArcGIS | CWE-79 | 6.1 | Medium | 2024-04-04 |
| CVE-2024-25695 | concatenated errors resulting in cross site scripting and frame injection issues. | CWE-79 | 7.2 | High | 2024-04-04 |
| CVE-2024-25696 | Stored XSS in Portal for ArcGIS | CWE-79 | 4.8 | Medium | 2024-04-04 |
| CVE-2024-25697 | Stored XSS in Portal for ArcGIS | CWE-79 | 5.4 | Medium | 2024-04-04 |
| CVE-2024-25692 | BUG-000154722 - Cross-site request forgery (CSRF) issue in Portal for ArcGIS | CWE-352 | 5.4 | Medium | 2024-04-04 |
