4.8
ArangoDB Community Edition: Unauthenticated JavaScript Injection through Web Interface
CVE-2019-25367
Summary
ArangoDB's web admin interface has a weakness that allows attackers to inject malicious scripts into users' browsers, where they could potentially steal sensitive information or take control of the user's session. This affects the Community Edition of ArangoDB, a popular database. To protect your database, update to the latest version of ArangoDB, or disable the web interface if it is not needed.
Original title
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attac...
Original description
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attackers can inject scripts via parameters in /_db/_system/_admin/aardvark/index.html to execute JavaScript in authenticated users' browsers.
nvd CVSS3.1
5.4
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 15 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026