Description

The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Remediation

References

https://www.kb.cert.org/vuls/id/845332

Related Vulnerabilities

CVE-2022-25926 Vulnerability in npm package window-control

CVE-2022-41404 Vulnerability in maven package org.ini4j:ini4j

CVE-2020-7760 Vulnerability in maven package org.webjars.bowergithub.codemirror:codemirror

CVE-2017-7957 Vulnerability in maven package org.hudsonci.tools:xstream

CVE-2016-10547 Vulnerability in maven package org.webjars.npm:nunjucks

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory US Government Resource