XSS in OrientDB

CVE-2019-25448

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the docu…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (14.7th percentile)

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N.


Frequently asked questions

What is CVE-2019-25448?
CVE-2019-25448 is a medium-severity vulnerability in OrientDB, classified as cross-site scripting (XSS). CVSS score: 6.4/10. Published 2026-02-20.

How severe is CVE-2019-25448?
Medium severity. The CVSS v3 base score is 6.4 out of 10.