Количество 2
Количество 2
CVE-2015-2912
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
GHSA-p8ww-vv84-c2rm
OrientDB-Server vulnerable to Cross-Site Request Forgery
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2015-2912 The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request. | CVSS3: 8.8 | 0% Низкий | около 10 лет назад |
| GHSA-p8ww-vv84-c2rm OrientDB-Server vulnerable to Cross-Site Request Forgery | CVSS3: 8.8 | 0% Низкий | больше 7 лет назад |
Уязвимостей на страницу