Vulnerability Database

308,926

Total vulnerabilities in the database

CVE-2025-57873

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.

  • Published: Sep 29, 2025
  • Updated: Nov 16, 2025
  • CVE: CVE-2025-57873
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.8
  • AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
esri / portal_for_arcgis 10.9.1 10.9.1.x
esri / portal_for_arcgis 10.9.1-security_2025_update1 10.9.1-security_2025_update1.x
esri / portal_for_arcgis 10.9.1-security_2025_update2 10.9.1-security_2025_update2.x
esri / portal_for_arcgis 11.0 11.0.x
esri / portal_for_arcgis 11.1 11.1.x
esri / portal_for_arcgis 11.1-security_2024_update1 11.1-security_2024_update1.x
esri / portal_for_arcgis 11.1-security_2024_update2 11.1-security_2024_update2.x
esri / portal_for_arcgis 11.1-security_2025_update1 11.1-security_2025_update1.x
esri / portal_for_arcgis 11.1-security_2025_update2 11.1-security_2025_update2.x
esri / portal_for_arcgis 11.2 11.2.x
esri / portal_for_arcgis 11.2-security_2024_update1 11.2-security_2024_update1.x
esri / portal_for_arcgis 11.2-security_2024_update2 11.2-security_2024_update2.x
esri / portal_for_arcgis 11.2-security_2025_update1 11.2-security_2025_update1.x
esri / portal_for_arcgis 11.2-security_2025_update2 11.2-security_2025_update2.x
esri / portal_for_arcgis 11.3 11.3.x
esri / portal_for_arcgis 11.3-security_2025_update1 11.3-security_2025_update1.x
esri / portal_for_arcgis 11.3-security_2025_update2 11.3-security_2025_update2.x
esri / portal_for_arcgis 11.4 11.4.x
esri / portal_for_arcgis 11.4-security_2025_update1 11.4-security_2025_update1.x
esri / portal_for_arcgis 11.4-security_2025_update2 11.4-security_2025_update2.x