unilogies/bumsys < v2.0.2 - Clickjacking

05 Jul 2026 03:01:21 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

unilogies/bumsys < v2.0.2 - Clickjacking. This template checks the HTTP response for clickjacking prevention headers to identify improper restriction of rendered UI layers or frames in unilogies/bumsys prior to version 2.0.2. An attacker can trick users into performing unintended actions; upgrade to version 2.0.2 or later to mitigate.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Circl | CVE-2023-1362 | 27 Feb 2025 19:25 | circl |
| CNNVD | bumsys security vulnerability | 13 Mar 2023 00:00 | cnnvd |
| CVE | CVE-2023-1362 | 13 Mar 2023 00:00 | cve |
| Cvelist | CVE-2023-1362 Improper Restriction of Rendered UI Layers or Frames in unilogies/bumsys | 13 Mar 2023 00:00 | cvelist |
| Huntr | UI REDRESSING | 25 Feb 2023 09:11 | huntr |
| NVD | CVE-2023-1362 | 13 Mar 2023 05:15 | nvd |
| OSV | CVE-2023-1362 Improper Restriction of Rendered UI Layers or Frames in unilogies/bumsys | 13 Mar 2023 00:00 | osv |
| Prion | Input validation | 13 Mar 2023 05:15 | prion |
| Positive Technologies | PT-2023-16929 · Unilogies · Bumsys | 13 Mar 2023 00:00 | ptsecurity |
| RedhatCVE | CVE-2023-1362 | 23 May 2025 02:41 | redhatcve |

id: CVE-2023-1362

info:
  name: unilogies/bumsys < v2.0.2 - Clickjacking
  author: ctflearner
  severity: medium
  description: |
    This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.
  impact: |
    An attacker can trick users into performing unintended actions on the vulnerable application.
  remediation: |
    Upgrade to version 2.0.2 or later to mitigate the Clickjacking vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-1362
    - https://huntr.dev/bounties/e5959166-c8ef-4ada-9bb1-0ff5a9693bac/
    - https://github.com/unilogies/bumsys/commit/8c5b27d54707f9805b27ef26ad741f2801e30e1f
    - https://github.com/ctflearner/ctflearner
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-1362
    cwe-id: CWE-1021
    epss-score: 0.01411
    epss-percentile: 0.69424
    cpe: cpe:2.3:a:bumsys_project:bumsys:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: bumsys_project
    product: bumsys
  tags: cve,cve2023,bumsys,clickjacking,huntr,bumsys_project,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == 200"
          - "!regex('X-Frame-Options', header)"
          - "contains(body, 'BUM</b>Sys</a>')"
        condition: and
# digest: 490a0046304402201fe386dc47a5fffe282533ff3ac3ed0cb8e1f7a11540b11fd1a1fa4eae22400102202f4de7d74674221312e3f28fc1f3b4765591eec42ec6925f708cf7de4df65c71:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00 (current)
Vulners AI Score: 6.8 (Medium risk)
CVSS 3.1: 6.1
CVSS 3: 8.4
EPSS: 0.01411