
CVE-2021-25938

Date: May 24, 2021

Overview

ArangoDB versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS) because the name of an uploaded .zip file is not validated and potentially abusive characters that a file name can contain are not filtered. No X-Frame-Options header is set, which makes it easier for attackers to leverage self-XSS.

Details

The module ‘ArangoDB’ can be abused through a file upload XSS vulnerability: the name of the uploaded .zip file is not validated, and potentially abusive characters that a file name can contain are not filtered. No X-Frame-Options header is set, which makes it easier for attackers to leverage self-XSS.

PoC Details

Log in to the application and go to Services, Add service, Upload. Select a .zip file whose name is an XSS tag, as in the example below. A pop-up indicating successful execution of the script is then presented.

PoC Code

><img src=x onerror=alert(document.domain)>.zip
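The two gaps this advisory names, an unvalidated upload file name and a missing X-Frame-Options header, closed in a short added example. It is not ArangoDB's code or its actual fix; the function names, the allowlist pattern and the 128-character limit are assumptions.

```javascript
// Added example: hypothetical helpers, not taken from ArangoDB.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five HTML-significant characters so a file name renders as text, not markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allowlist (assumed policy): starts with a letter or digit, then letters, digits,
// dot, underscore or hyphen, ends in .zip, at most 128 characters in total.
const SAFE_ZIP_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,123}\.zip$/;

// Server-side check to run before the upload is accepted.
function validateZipName(name) {
  if (typeof name !== 'string') return { ok: false, reason: 'not a string' };
  if (!SAFE_ZIP_NAME.test(name)) return { ok: false, reason: 'disallowed characters or extension' };
  return { ok: true, reason: null };
}

// Build the status markup shown after an upload attempt.
// The name is escaped on both paths, so a rejected name is never echoed raw.
function uploadStatusHtml(name) {
  const verdict = validateZipName(name);
  const shown = escapeHtml(name);
  return verdict.ok
    ? `<span class="ok">Uploaded ${shown}</span>`
    : `<span class="err">Rejected ${shown}: ${verdict.reason}</span>`;
}

// Response headers that stop another origin from framing the UI.
function antiFramingHeaders() {
  return {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': "frame-ancestors 'none'",
  };
}

// Constructed sample input: the file name from the PoC section and a benign one.
const samples = ['><img src=x onerror=alert(document.domain)>.zip', 'my-service_1.0.zip'];
for (const s of samples) console.log(uploadStatusHtml(s));
```

Validation and output encoding are independent controls: the encoding still protects the page if the allowlist is later loosened.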

Affected Environments

v2.2.6.2-v3.7.10

Prevention

Upgrade to v3.7.1

Language: JS

Good to know:


Cross-Site Scripting (XSS)

CWE-79

Upgrade Version

Upgrade to version v3.7.11


Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None