Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Portal for ArcGIS — Vulnerabilities & Security Advisories 50

All 50 CVE vulnerabilities found in Portal for ArcGIS, with AI-generated Chinese analysis, references, and POCs.

Portal for ArcGIS is a vulnerability aggregation resource developed by Esri that addresses software weakness classifications. This page collects known security vulnerabilities affecting the Portal for ArcGIS platform, covering historical records from initial release through the most recent patches and updates. Users can track Esri’s official security advisories to stay informed about emerging threats and mitigation strategies. The resource allows administrators to understand specific weakness classes relevant to enterprise geospatial infrastructure, providing context on how vulnerabilities impact deployment stability and data integrity. Additionally, visitors can look up the complete vulnerability history for this product, reviewing past incidents, resolution timelines, and associated configuration risks. This centralized view supports IT security teams in performing risk assessments, prioritizing remediation efforts, and maintaining compliance with organizational security policies. By consolidating fragmented information into a single accessible interface, the page simplifies the process of monitoring product-specific security postures. It serves as a practical reference for developers, system administrators, and security analysts who require accurate, timely data regarding the software’s attack surface. The content is organized to facilitate quick lookup of critical details without overwhelming the reader with unnecessary technical noise. Focus remains on actionable intelligence that helps protect critical web mapping and collaboration environments from exploitation.

Vendor: Esri

CVE IDTitleCVSSSeverityPublished
CVE-2023-25833 BUG-000155004 HTML injection issue in Portal for ArcGIS. CWE-80 5.4 Medium2023-05-10
CVE-2023-25831 BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS. CWE-79 6.1 Medium2023-05-09
CVE-2023-25830 BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS CWE-79 6.1 Medium2023-05-09
CVE-2023-25829 BUG-000155001 - Unvalidated redirect in Portal for ArcGIS. CWE-601 6.1 Medium2023-05-09
CVE-2023-25834 BUG-000142922 Incomplete permission changes in specific cases. CWE-269 5.4 Medium2023-05-09
CVE-2023-25832 BUG-000148346 There is a Cross-Site Request Forgery (CSRF) vulnerability in Portal for ArcGIS. CWE-352 8.8 High2023-05-09
CVE-2022-38203 The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only) CWE-918 7.5 High2022-12-30
CVE-2022-38189 There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript. CWE-79 5.4 Medium2022-08-16
CVE-2022-38184 There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 CWE-284 7.5 High2022-08-16
CVE-2022-38192 There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript. CWE-79 6.1 Medium2022-08-16
CVE-2022-38193 Code injection issue in Portal for ArcGIS (10.7.1 and 10.8.1) CWE-95 6.1 Medium2022-08-16
CVE-2022-38194 Portal for ArcGIS system properties are not properly encrypted (10.8.1 only) CWE-311 6.7 Medium2022-08-16
CVE-2022-38191 HTML injection vulnerability in Portal for ArcGIS CWE-74 6.1 Medium2022-08-15
CVE-2022-38187 Prevent access to sharing/rest/content/features/analyze to unauthorized users CWE-918 7.5 High2022-08-15
CVE-2022-38188 Esri Portal For ArcGis 跨站脚本漏洞 CWE-79 6.1 -2022-08-15
CVE-2022-38190 Stored cross-site scripting vulnerability in Esri Portal for ArcGIS Configurable Apps CWE-79 6.1 Medium2022-08-15
CVE-2022-38186 Esri Portal For ArcGis 跨站脚本漏洞 CWE-79 6.1 -2022-08-15
CVE-2021-29110 Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. CWE-79 5.4 -2021-10-01
CVE-2021-29109 A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9. CWE-79 6.1 -2021-10-01
CVE-2021-29108 There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below. CWE-347 8.8 High2021-10-01

All 50 known CVE vulnerabilities affecting Portal for ArcGIS with full Chinese analysis, references, and POCs where available.