CVE-2024-25702

4.8 MEDIUM

📋 TL;DR

A stored cross-site scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites allows authenticated attackers with high privileges to inject malicious JavaScript into site configurations. When victims click crafted links, arbitrary code executes in their browsers, potentially disclosing privileged tokens. This affects versions 11.1 and below of the software.

💻 Affected Systems

Products:
  • Esri Portal for ArcGIS Enterprise Sites
Versions: 11.1 and below
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with high privileges to exploit.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains full control of the Portal by stealing privileged tokens, leading to complete system compromise and data exfiltration.

🟠

Likely Case

Attacker steals session tokens or credentials from authenticated users, enabling unauthorized access to sensitive portal data and functions.

🟢

If Mitigated

Attack limited to authenticated high-privilege users only, with minimal impact if proper input validation and output encoding are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with high privileges, making it less accessible to external attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Security 2024 Update 2 or later

Vendor Advisory: https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2-released/

Restart Required: Yes

Instructions:

1. Download Security 2024 Update 2 from Esri's official site.
2. Apply the update following Esri's deployment documentation.
3. Restart the Portal services as required.

🔧 Temporary Workarounds

Input Validation and Sanitization

Scope: all

Implement strict input validation and output encoding for all user-controllable fields in site configurations.
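Added example, not Esri's code and not part of the original advisory: a minimal illustration of the two controls named above for the kind of user-controllable fields Sites stores (a title and a link), with the unsafe concatenation pattern shown beside the hardened rendering. It assumes a text field is rendered into an HTML text node and a link field into an `href`; the allowed-scheme list and field names are assumptions for the example.

```python
import html
from urllib.parse import urlsplit

# Assumption for this example: Sites links only ever need web URLs.
ALLOWED_LINK_SCHEMES = {"http", "https"}


def encode_text(value: str) -> str:
    """Output-encode a free-text field (title, description) for an HTML text node.
    quote=True also escapes quotes so the same value is safe inside an attribute."""
    return html.escape(value, quote=True)


def validate_link(url: str) -> str:
    """Input-validate a link field. HTML-encoding alone does not neutralise a
    javascript: URL placed in an href, so the scheme must be checked against
    an allow list. Relative URLs (empty scheme) are rejected by this strict check."""
    cleaned = url.strip()
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme not in ALLOWED_LINK_SCHEMES:
        raise ValueError(f"link scheme not allowed: {scheme or '(none)'}")
    return cleaned


def render_site_card(title: str, link: str) -> str:
    """Hardened rendering: validated link, encoded in both contexts."""
    safe_title = encode_text(title)
    safe_link = html.escape(validate_link(link), quote=True)
    return f'<a href="{safe_link}">{safe_title}</a>'


def render_site_card_unsafe(title: str, link: str) -> str:
    """The pattern this advisory warns about: a stored configuration value
    concatenated straight into markup with no validation or encoding."""
    return f'<a href="{link}">{title}</a>'


if __name__ == "__main__":
    # Constructed inputs for demonstration only.
    print(render_site_card("Field Offices <north>", "https://sites.example.invalid/offices"))
    try:
        render_site_card("Offices", "javascript:void(0)")
    except ValueError as exc:
        print("rejected:", exc)
```

Design note: encoding is applied at output time per context (text node, attribute), while the scheme check is input validation; both are needed because an `href` is a URL context where a correctly encoded `javascript:` value still executes.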

🧯 If You Can't Patch

  • Restrict high-privilege user accounts to trusted personnel only.
  • Implement web application firewall (WAF) rules to block XSS payloads.

🔍 How to Verify

Check if Vulnerable:

Check the Portal version in the administrative interface; if it is 11.1 or below and Security 2024 Update 2 has not been applied, it is vulnerable.

Check Version:

Check the version in the Portal's administrative dashboard or via Esri's version checking tools.

Verify Fix Applied:

Confirm that Security 2024 Update 2 (or a later update) is installed on the Portal, then test the site configuration fields to confirm that injected script is no longer rendered.

📡 Detection & Monitoring

Log Indicators:

  • Unusual modifications to site configurations by high-privilege users.
  • JavaScript payloads in configuration logs.

Network Indicators:

  • HTTP requests containing suspicious script tags or JavaScript in site configuration parameters.

SIEM Query:

source="portal_logs" AND (event="config_modification" AND user_privilege="high") AND (payload CONTAINS "<script>" OR payload CONTAINS "javascript:")
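Added example, not part of the original advisory and not vendor tooling: the SIEM query above expressed as a standalone Python check that can be run over exported JSON log lines. The field names (`source`, `event`, `user_privilege`, `user`, `payload`) are taken from the query; the sample log lines are constructed for the example and the JSON-lines layout is an assumption. The check adds one step the one-line query does not show: URL- and HTML-decoding and lower-casing the payload before matching, so that `%3Cscript%3E` or `JavaScript:` is not missed by a case-sensitive substring match.

```python
import html
import json
from typing import Optional
from urllib.parse import unquote

# Indicators from the SIEM query above.
INDICATORS = ("<script", "javascript:")

# Constructed sample log lines for demonstration; not real Portal log output.
SAMPLE_LOGS = [
    '{"source":"portal_logs","event":"config_modification","user_privilege":"high","user":"site_admin","payload":"title=Field Offices"}',
    '{"source":"portal_logs","event":"config_modification","user_privilege":"high","user":"site_admin","payload":"title=%3Cscript%3Ealert(1)%3C%2Fscript%3E"}',
    '{"source":"portal_logs","event":"config_modification","user_privilege":"high","user":"content_editor","payload":"link=JavaScript:void(0)"}',
    '{"source":"portal_logs","event":"config_modification","user_privilege":"low","user":"viewer1","payload":"title=<script>x</script>"}',
    '{"source":"portal_logs","event":"login","user_privilege":"high","user":"site_admin","payload":""}',
]


def normalize_payload(payload: str) -> str:
    """Undo the encodings a stored value commonly arrives with (percent-encoding,
    HTML entities), twice to catch double encoding, then lower-case for matching."""
    text = payload
    for _ in range(2):
        text = html.unescape(unquote(text))
    return text.lower()


def matches_siem_query(record: dict) -> Optional[str]:
    """Same predicate as the SIEM query above. Returns the indicator that hit, or None."""
    if record.get("source") != "portal_logs":
        return None
    if record.get("event") != "config_modification" or record.get("user_privilege") != "high":
        return None
    text = normalize_payload(record.get("payload", ""))
    for indicator in INDICATORS:
        if indicator in text:
            return indicator
    return None


def scan_logs(lines) -> list:
    """Parse JSON log lines and return one hit per record matching the query."""
    hits = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        indicator = matches_siem_query(record)
        if indicator:
            hits.append({"user": record.get("user"), "indicator": indicator,
                         "payload": record.get("payload")})
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(hit)
```

Usage note: the fourth sample line carries a script tag but is written by a low-privilege user, so it is deliberately not flagged; it mirrors the query's `user_privilege="high"` clause, which is what ties the detection to this advisory's precondition. Loosen that clause if the privilege field is not reliably populated in your logs.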
