CVE-2015-2918

N/A

Descripcion

The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Detalles CVE

Puntuacion CVSS v3.1N/A

Publicado12/31/2015

Ultima modificacion4/12/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

orientdb:orientdb

Debilidades (CWE)

CWE-20

Referencias

https://www.kb.cert.org/vuls/id/845332(cret@cert.org)

https://www.kb.cert.org/vuls/id/845332(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.