the vulnerability is Clickjacking
Steps for Reproduce:
Create a script like this <title> Clickjacking! </ title> <p> The Site is Vulnerability Clickjacking </ p> <iframe src = "https://www.download.nextcloud.com" height = "700px" width = "700px"> </ iframe>
Enter a file name after saving it in the .html format Then the web is Vuln Clickjacking
Sorry bad english (im indonesian)
By using Clickjacking technique, an attacker hijack's click's meant for one page and route them to another page, most likely for another application, domain, or both.