Lucene search
K

103 matches found

RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.7 views

CVE-2019-25448

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...

6.4CVSS5.7AI score0.00251EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.6 views

CVE-2019-25447

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...

5.3CVSS5.2AI score0.0013EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/22 1:27 a.m.5 views

CVE-2019-25449

OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References1
OSV
OSV
added 2026/02/20 11:16 p.m.5 views

CVE-2019-25448

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...

6.4CVSS6AI score0.00251EPSS
Exploits1References3
OSV
OSV
added 2026/02/20 11:16 p.m.5 views

CVE-2019-25449

OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...

6.1CVSS5.9AI score0.00225EPSS
Exploits1References3
NVD
NVD
added 2026/02/20 11:16 p.m.5 views

CVE-2019-25447

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...

5.3CVSS0.0013EPSS
Exploits1References3
NVD
NVD
added 2026/02/20 11:16 p.m.11 views

CVE-2019-25448

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...

6.4CVSS0.00251EPSS
Exploits1References3
NVD
NVD
added 2026/02/20 11:16 p.m.7 views

CVE-2019-25449

OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...

6.1CVSS0.00225EPSS
Exploits1References3
OSV
OSV
added 2026/02/20 11:16 p.m.5 views

CVE-2019-25447

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...

3.5CVSS5.7AI score0.0013EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/20 10:56 p.m.6 views

CVE-2019-25449 OrientDB 3.0.17 Reflected Cross-Site Scripting via document endpoint

OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...

6.1CVSS5.5AI score0.00225EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/20 10:56 p.m.24 views

CVE-2019-25449 OrientDB 3.0.17 Reflected Cross-Site Scripting via document endpoint

OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute...

6.1CVSS0.00225EPSS
Exploits1References3
CVE
CVE
added 2026/02/20 10:56 p.m.11 views

CVE-2019-25449

CVE-2019-25449 affects OrientDB 3.0.17 with a reflected cross-site scripting flaw. The issue allows attackers to submit crafted JSON payloads to the document endpoint, performing a POST to /document/demodb/-1:-1 and injecting script tags in the name parameter to execute arbitrary JavaScript in us...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/20 10:56 p.m.26 views

CVE-2019-25448 OrientDB 3.0.17 Stored Cross-Site Scripting via User Creation

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...

6.4CVSS0.00251EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/20 10:56 p.m.6 views

CVE-2019-25448 OrientDB 3.0.17 Stored Cross-Site Scripting via User Creation

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...

6.4CVSS5.5AI score0.00251EPSS
Exploits1References3
CVE
CVE
added 2026/02/20 10:56 p.m.18 views

CVE-2019-25448

OrientDB 3.0.17 is affected by a stored cross-site scripting (XSS) vulnerability. An authenticated attacker can create users with a script payload in the name parameter and post to the document endpoint to inject JavaScript that executes when other users view the application. The published data i...

6.4CVSS5.7AI score0.00251EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/20 10:56 p.m.23 views

CVE-2019-25447 OrientDB 3.0.17 Cross-Site Request Forgery

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...

5.3CVSS0.0013EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/20 10:56 p.m.6 views

CVE-2019-25447 OrientDB 3.0.17 Cross-Site Request Forgery

OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes,...

5.3CVSS5.1AI score0.0013EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

OrientDB 跨站请求伪造漏洞

OrientDB is an open-source multi-model database developed by OrientDB. In the version 3.0.17 of OrientDB, there is a vulnerability related to cross-site request forgeing. This vulnerability stems from the lack of token verification at endpoints, which may lead to cross-site request forgeing attac...

5.3CVSS5.7AI score0.0013EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.8 views

OrientDB 跨站脚本漏洞

OrientDB is an open-source multi-model database developed by OrientDB. Version 3.0.17 of OrientDB has a cross-site scripting vulnerability. This vulnerability stems from improper handling of JSON payloads submitted to the document endpoint, which may lead to reflective cross-site scripting attack...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

OrientDB 跨站脚本漏洞

OrientDB is an open-source multi-model database developed by OrientDB. In the version 3.0.17 of OrientDB, there is a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the name parameter, which may lead to storage-based cross-site scripting attacks...

6.4CVSS5.7AI score0.00251EPSS
Exploits1References3
Rows per page
Query Builder