Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
OrientDB 3.0.17: Malicious Scripts Can Run in Users' Browsers
CVE-2019-25449
Summary
OrientDB 3.0.17 has a security flaw that lets hackers inject malicious code into websites. This can happen if a user visits a website that sends a specially crafted request to OrientDB. To stay safe, update to the latest version of OrientDB or use a web application firewall to block suspicious requests.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| orientdb | orientdb | 3.0.17 | – |
Original title
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can...
Original description
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute arbitrary JavaScript in users' browsers.
nvd CVSS3.1
6.1
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://orientdb.dev/ Product
- https://www.exploit-db.com/exploits/46517 Exploit VDB Entry
- https://www.vulncheck.com/advisories/orientdb-reflected-cross-site-scripting-via... Third Party Advisory
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026