exploitDog

CVE-2019-25448

Опубликовано: 20 фев. 2026

Источник: nvd

CVSS3: 6.4

EPSS Низкий

Описание

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to execute arbitrary scripts when users view the application.

Ссылки

https://orientdb.dev/
Product
https://www.exploit-db.com/exploits/46517
Exploit
VDB Entry
https://www.vulncheck.com/advisories/orientdb-stored-cross-site-scripting-via-user-creation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:orientdb:orientdb:3.0.17:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00251

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-fjxv-44q5-26f4

CVSS3: 6.4

github

4 месяца назад

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to execute arbitrary scripts when users view the application.

EPSS

Процентиль: 16%

0.00251

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-79