CVE-2015-2918

MEDIUM

OrientDB Server Community Edition <2.0.15 & <2.1.1 - XSS

Title source: llm

Description

The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Scores

CVSS v3 6.1
EPSS 0.0060
EPSS Percentile 69.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-20
Status draft

Affected Products (3)

orientdb/orientdb
orientdb/orientdb
com.orientechnologies/orientdb-studio < 2.0.15 (Maven)

Timeline

Published Dec 31, 2015
Tracked Since Feb 18, 2026