{"vulnerability": "CVE-2023-2583", "sightings": [{"uuid": "4dbc8448-9047-4c9e-8a26-d14585f1af19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25832", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11310", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25832\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.\n\ud83d\udccf Published: 2023-05-09T00:00:00\n\ud83d\udccf Modified: 2025-04-10T18:38:43.184Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/\n2. 
https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095", "creation_timestamp": "2025-04-10T18:49:26.000000Z"}, {"uuid": "e290bf0e-a966-449b-99da-dd36f2fa161e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25831", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11309", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25831\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.\n\ud83d\udccf Published: 2023-05-09T20:45:19.896Z\n\ud83d\udccf Modified: 2025-04-10T18:39:33.871Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/\n2. 
https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095", "creation_timestamp": "2025-04-10T18:49:26.000000Z"}, {"uuid": "7c23727c-f4e0-4443-bd41-a4716fd0fde1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25833", "type": "seen", "source": "https://t.me/cibsecurity/63718", "content": "\u203c CVE-2023-25833 \u203c\n\nThere is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim\u2019s browser (no stateful change made or customer data rendered).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-10T07:14:02.000000Z"}, {"uuid": "c7abf685-5fd1-43a3-ab68-fb23813d2349", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25831", "type": "seen", "source": "https://t.me/cibsecurity/63706", "content": "\u203c CVE-2023-25831 \u203c\n\nThere is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-10T00:39:04.000000Z"}, {"uuid": "d538a7a0-50b2-46a4-8f51-3c5be929cee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25832", "type": "seen", "source": "https://t.me/cibsecurity/63705", "content": "\u203c CVE-2023-25832 \u203c\n\nThere is a cross-site-request forgery vulnerability in Esri Portal for 
ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.\u00a0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-10T00:39:03.000000Z"}, {"uuid": "ba8e1ec4-e57c-4b9b-b529-15f2a9a9295b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2583", "type": "seen", "source": "https://t.me/cibsecurity/63450", "content": "\u203c CVE-2023-2583 \u203c\n\nCode Injection in GitHub repository jsreport/jsreport prior to 3.11.3.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-08T20:37:46.000000Z"}, {"uuid": "cfcfda94-90da-41be-aeb3-628530b236dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25834", "type": "seen", "source": "https://t.me/cibsecurity/63641", "content": "\u203c CVE-2023-25834 \u203c\n\nChanges to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. 
This issue may allow users to access content that they are no longer privileged to access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-09T20:38:59.000000Z"}, {"uuid": "23ac8ec4-9096-404d-a0aa-e311e592c2a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25830", "type": "seen", "source": "https://t.me/cibsecurity/63638", "content": "\u203c CVE-2023-25830 \u203c\n\nThere is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-09T20:38:53.000000Z"}, {"uuid": "56b424a7-f3d7-4e80-b030-8c66bd39f474", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25833", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11307", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25833\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim\u2019s browser (no stateful change made or customer data rendered).\n\ud83d\udccf Published: 2023-05-10T00:00:00\n\ud83d\udccf Modified: 2025-04-10T18:40:10.575Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/\n2. 
https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095", "creation_timestamp": "2025-04-10T18:49:20.000000Z"}, {"uuid": "4b90d9a3-2f73-405a-b9e3-1028ae3ed01e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25835", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11303", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25835\n\ud83d\udd25 CVSS Score: 8.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: There is a stored Cross-site Scripting vulnerability\u00a0in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are high. The impact to Confidentiality, Integrity and Availability are High.\n\ud83d\udccf Published: 2023-07-20T23:30:50.190Z\n\ud83d\udccf Modified: 2025-04-10T18:41:52.229Z\n\ud83d\udd17 References:\n1. 
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/", "creation_timestamp": "2025-04-10T18:49:17.000000Z"}, {"uuid": "f389e211-b177-4d41-bd1b-975ac7edc9f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25836", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11305", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25836\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: There is a Cross-site Scripting vulnerability\u00a0in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are low.\n\ud83d\udccf Published: 2023-07-21T03:41:09.485Z\n\ud83d\udccf Modified: 2025-04-10T18:41:04.338Z\n\ud83d\udd17 References:\n1. 
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/", "creation_timestamp": "2025-04-10T18:49:19.000000Z"}, {"uuid": "8aad8ece-bea5-4521-aa0f-1db894163c69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25837", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11298", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25837\n\ud83d\udd25 CVSS Score: 8.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: There is a Cross-site Scripting vulnerability\u00a0in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser. \u00a0The privileges required to execute this attack are high.\u00a0 \u00a0\n\nThe impact to Confidentiality, Integrity and Availability are High.\n\ud83d\udccf Published: 2023-07-21T03:42:24.610Z\n\ud83d\udccf Modified: 2025-04-10T18:44:50.839Z\n\ud83d\udd17 References:\n1. 
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-enterprise-sites-security-patch-is-now-available/", "creation_timestamp": "2025-04-10T18:49:09.000000Z"}, {"uuid": "4193e2b4-26d1-40f3-9ae3-5083c33a48cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25830", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11315", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25830\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.\n\ud83d\udccf Published: 2023-05-09T16:31:21.361Z\n\ud83d\udccf Modified: 2025-04-10T18:36:19.457Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/\n2. 
https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095", "creation_timestamp": "2025-04-10T18:49:34.000000Z"}, {"uuid": "bd720674-c31f-426f-9495-df1cc4f89eff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25834", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11314", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-25834\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.\n\ud83d\udccf Published: 2023-05-09T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-10T18:36:49.951Z\n\ud83d\udd17 References:\n1. https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/\n2. https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095", "creation_timestamp": "2025-04-10T18:49:33.000000Z"}, {"uuid": "a13c74ca-b819-458b-98e4-88be1561c246", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25835", "type": "seen", "source": "https://t.me/cibsecurity/67082", "content": "\u203c CVE-2023-25835 \u203c\n\nThere is a Cross-site Scripting vulnerability\u00a0in Esri Portal Sites in versions 10.8.1 \u2013 11.1 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. 
\u00a0The privileges required to execute this attack are high.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T07:33:34.000000Z"}, {"uuid": "f21cb91a-7522-4dd4-b571-c88cf5da3c88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25836", "type": "seen", "source": "https://t.me/cibsecurity/67078", "content": "\u203c CVE-2023-25836 \u203c\n\nThere is a Cross-site Scripting vulnerability\u00a0in Esri Portal Sites in versions 10.8.1 \u2013 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are low.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T07:33:27.000000Z"}, {"uuid": "3026ca77-bddf-4a1e-980a-5600d208a531", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-25837", "type": "seen", "source": "https://t.me/cibsecurity/67079", "content": "\u203c CVE-2023-25837 \u203c\n\nThere is a Cross-site Scripting vulnerability\u00a0in Esri Portal Sites in versions 10.8.1 \u2013 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser. \u00a0The privileges required to execute this attack are high.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-21T07:33:28.000000Z"}]}