Medium severity5.4NVD Advisory· Published Feb 15, 2026· Updated Apr 15, 2026
CVE-2019-25367
CVE-2019-25367
Description
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attackers can inject scripts via parameters in /_db/_system/_admin/aardvark/index.html to execute JavaScript in authenticated users' browsers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 3.4.2-1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.