Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2021-25938
Date: May 24, 2021
Overview
In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip files can be named to. There is no X-Frame-Options Header set, which makes it more susceptible for leveraging self XSS by attackers.Details
The module ‘ArangoDB’ can be abused via file upload XSS vulnerability since there is no validation of the .zip file name and filtering of potential abusive characters which zip file can be named to. There is no X-Frame-Options Header set, which makes it more susceptible for leveraging self XSS by attackers.PoC Details
Login to the application, and go to Services, Add service, Upload. Now select a .zip file named as an XSS tag, example given below. A pop-up indicating the successful execution of the script will now be presented.PoC Code
><img src=x onerror=alert(document.domain)>.zipAffected Environments
v2.2.6.2-v3.7.10Prevention
Upgrade to v3.7.1Language: JS
Good to know:
| Base Score: |
|
|---|---|
| Attack Vector (AV): | Network |
| Attack Complexity (AC): | Low |
| Privileges Required (PR): | None |
| User Interaction (UI): | Required |
| Scope (S): | Changed |
| Confidentiality (C): | Low |
| Integrity (I): | Low |
| Availability (A): | None |
| Base Score: |
|
|---|---|
| Access Vector (AV): | Network |
| Access Complexity (AC): | Medium |
| Authentication (AU): | None |
| Confidentiality (C): | None |
| Integrity (I): | Partial |
| Availability (A): | None |
| Additional information: |