CVE-2015-2918
MEDIUMOrientDB Server Community Edition <2.0.15 & <2.1.1 - XSS
Title source: llmDescription
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/845332
Scores
CVSS v3
6.1
EPSS
0.0076
EPSS Percentile
50.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-20
Status
published
Products (3)
com.orientechnologies/orientdb-studio
0 - 2.0.15Maven
orientdb/orientdb
2.0.14
orientdb/orientdb
2.1.0
Published
Dec 31, 2015
Tracked Since
Feb 18, 2026