Lucene search
PRIOn knowledge basePRION:CVE-2015-2912HistoryDec 31, 2015 - 5:59 a.m.
Cross site request forgery (csrf)
2015-12-3105:59:00
PRIOn knowledge base
www.prio-n.com
2
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
Related
cve
cve
CVE-2015-2912
2015-12-31 05:59:08
osv
osv
OrientDB-Server vulnerable to Cross-Site Request Forgery
2018-10-18 17:41:13
github
github
OrientDB-Server vulnerable to Cross-Site Request Forgery
2018-10-18 17:41:13
nessus
nessus
OrientDB < 2.0.15 / 2.1.1 XSRF
2015-10-08 00:00:00
cvelist
cvelist
CVE-2015-2912
2015-12-31 02:00:00
nvd
nvd
CVE-2015-2912
2015-12-31 05:59:08
openvas
openvas
cert
cert
OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilities
2015-09-03 00:00:00