103 matches found
CVE-2019-25448
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...
CVE-2019-25447
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...
CVE-2019-25449
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...
CVE-2019-25448
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...
CVE-2019-25449
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...
CVE-2019-25447
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...
CVE-2019-25448
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...
CVE-2019-25449
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...
CVE-2019-25447
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...
CVE-2019-25449 OrientDB 3.0.17 Reflected Cross-Site Scripting via document endpoint
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...
CVE-2019-25449 OrientDB 3.0.17 Reflected Cross-Site Scripting via document endpoint
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...
CVE-2019-25449
CVE-2019-25449 affects OrientDB 3.0.17 with a reflected cross-site scripting flaw. The issue allows attackers to submit crafted JSON payloads to the document endpoint, performing a POST to /document/demodb/-1:-1 and injecting script tags in the name parameter to execute arbitrary JavaScript in us...
CVE-2019-25448 OrientDB 3.0.17 Stored Cross-Site Scripting via User Creation
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...
CVE-2019-25448 OrientDB 3.0.17 Stored Cross-Site Scripting via User Creation
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...
CVE-2019-25448
OrientDB 3.0.17 is affected by a stored cross-site scripting (XSS) vulnerability. An authenticated attacker can create users with a script payload in the name parameter and post to the document endpoint to inject JavaScript that executes when other users view the application. The published data i...
CVE-2019-25447 OrientDB 3.0.17 Cross-Site Request Forgery
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...
CVE-2019-25447 OrientDB 3.0.17 Cross-Site Request Forgery
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...
OrientDB 跨站脚本漏洞
OrientDB is an open-source multi-model database developed by OrientDB. Version 3.0.17 of OrientDB has a cross-site scripting vulnerability. This vulnerability stems from improper handling of JSON payloads submitted to the document endpoint, which may lead to reflective cross-site scripting attack...
PT-2026-21318
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...
PT-2026-21317
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...