Unrated severityNVD Advisory· Published Feb 20, 2026· Updated Apr 7, 2026

OrientDB 3.0.17 Reflected Cross-Site Scripting via document endpoint

CVE-2019-25449

Description

OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute arbitrary JavaScript in users' browsers.

Affected products

Orientdb/Orientdbllm-fuzzy
Range: = 3.0.17
Orientdb/OrientDBv5
Range: 3.0.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/46517mitreexploit
www.vulncheck.com/advisories/orientdb-reflected-cross-site-scripting-via-document-endpointmitrethird-party-advisory
orientdb.devmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000