Description

The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Remediation

References

https://www.kb.cert.org/vuls/id/845332

Related Vulnerabilities

CVE-2019-8331 Vulnerability in maven package org.webjars:bootstrap

CVE-2019-15782 Vulnerability in npm package webtorrent

CVE-2020-7661 Vulnerability in npm package url-regex

CVE-2019-10785 Vulnerability in maven package org.webjars.bower:dojox

CVE-2018-19586 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory US Government Resource