CVE-2015-2918

MEDIUM

OrientDB Server Community Edition <2.0.15 & <2.1.1 - XSS

Title source: llm
STIX 2.1

Description

The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/845332

Scores

CVSS v3 6.1
EPSS 0.0076
EPSS Percentile 50.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-20
Status published
Products (3)
com.orientechnologies/orientdb-studio 0 - 2.0.15Maven
orientdb/orientdb 2.0.14
orientdb/orientdb 2.1.0
Published Dec 31, 2015
Tracked Since Feb 18, 2026