Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip files can be named to. There is no X-Frame-Options Header set, which makes it more susceptible for leveraging self XSS by attackers.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ArangoDB 跨站脚本漏洞
Vulnerability Description
ArangoDB是ArangoDB GmbH的一款NoSQL数据库系统 ArangoDB 2.2.6.2版本到3.7.10版本存在跨站脚本漏洞,该漏洞源于程序因为没有对.zip文件名进行验证,也没有过滤zip文件可以命名的潜在滥用字符。使得攻击者可利用该漏洞更容易利用自己的跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A