PT-2026-21319 · Orientdb · Orientdb
Ozer Goker · Published 2026-02-20 · Updated 2026-02-24 · CVE-2019-25449
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: OrientDB version 3.0.17
Description: The software contains a reflected cross-site scripting issue that allows attackers to inject malicious scripts. Attackers can send POST requests to the /document/demodb/-1:-1 API endpoint with script tags in the name parameter to execute arbitrary JavaScript in users' browsers. The attack involves submitting crafted JSON payloads to the document endpoint.
Recommendations: Apply input validation and sanitization to the name parameter in the /document/demodb/-1:-1 API endpoint to prevent the injection of script tags.
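The following is an added illustration of the recommended mitigation and is not OrientDB code or code from this advisory. It assumes a hypothetical handler that receives the JSON body of the document POST and later reflects the name field into an HTML page; it shows two independent defensive layers (an allowlist check on the name at the API boundary, and HTML encoding at render time) plus a small inspection routine a defender can run over request bodies to spot markup in JSON string fields. The sample bodies are constructed, not captured traffic.

```python
import html
import json
import re

# Assumption (not OrientDB's own code): a document "name" field submitted as JSON
# is later reflected into an HTML page. Two layers protect against reflected XSS:
#   1. validate_name() rejects values outside a conservative allowlist at the API boundary;
#   2. render_name() HTML-encodes whatever is rendered, so even a value that slips past
#      validation is shown as text rather than parsed as markup.

# Conservative allowlist for a document name: letters, digits, space, underscore, dot, hyphen.
NAME_PATTERN = re.compile(r"^[A-Za-z0-9 _.\-]{1,128}$")

# Crude detector for markup or script-scheme content inside a JSON string field.
MARKUP_PATTERN = re.compile(r"<\s*/?\s*[a-z][^>]*>|javascript:", re.IGNORECASE)


def validate_name(name):
    """Return True only if name is a string matching the allowlist."""
    return isinstance(name, str) and NAME_PATTERN.fullmatch(name) is not None


def render_name(name):
    """HTML-encode name (including quotes) so a browser renders it as text."""
    return html.escape(name, quote=True)


def inspect_request_body(body):
    """Parse a JSON object body and return the names of string fields containing markup.

    Returns ["<unparseable>"] when the body is not valid JSON, so malformed input is
    surfaced rather than silently ignored.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return ["<unparseable>"]
    flagged = []
    if isinstance(doc, dict):
        for key, value in doc.items():
            if isinstance(value, str) and MARKUP_PATTERN.search(value):
                flagged.append(key)
    return flagged


def handle_document_post(body):
    """Hypothetical hardened handler: returns (http_status, rendered_name_or_None)."""
    try:
        doc = json.loads(body)
    except ValueError:
        return 400, None
    name = doc.get("name") if isinstance(doc, dict) else None
    if not validate_name(name):
        # Reject at the boundary; the value is never stored or reflected.
        return 400, None
    # Even an accepted value is encoded before it reaches any HTML context.
    return 200, render_name(name)


# Constructed sample bodies for demonstration (not real captured requests).
SAMPLE_BODIES = [
    '{"@class": "Demo", "name": "customer-42"}',
    '{"@class": "Demo", "name": "<script>alert(1)</script>"}',
]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(inspect_request_body(body), handle_document_post(body))
```

The allowlist in `validate_name` is deliberately narrow; a deployment that needs richer names should widen the pattern rather than drop the check, because `render_name` remains the layer that actually neutralises markup at the point of reflection.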

Links: Exploit · Fix
Tags: XSS


Weakness Enumeration: none listed
Related Identifiers: CVE-2019-25449
Affected Products: Orientdb