| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2023-1362 | 27 Feb 202519:25 | – | circl | |
| bumsys 安全漏洞 | 13 Mar 202300:00 | – | cnnvd | |
| CVE-2023-1362 | 13 Mar 202300:00 | – | cve | |
| CVE-2023-1362 Improper Restriction of Rendered UI Layers or Frames in unilogies/bumsys | 13 Mar 202300:00 | – | cvelist | |
| UI REDRESSING | 25 Feb 202309:11 | – | huntr | |
| CVE-2023-1362 | 13 Mar 202305:15 | – | nvd | |
| CVE-2023-1362 Improper Restriction of Rendered UI Layers or Frames in unilogies/bumsys | 13 Mar 202300:00 | – | osv | |
| Input validation | 13 Mar 202305:15 | – | prion | |
| PT-2023-16929 · Unilogies · Bumsys | 13 Mar 202300:00 | – | ptsecurity | |
| CVE-2023-1362 | 23 May 202502:41 | – | redhatcve |
id: CVE-2023-1362
info:
name: unilogies/bumsys < v2.0.2 - Clickjacking
author: ctflearner
severity: medium
description: |
This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.
impact: |
An attacker can trick users into performing unintended actions on the vulnerable application.
remediation: |
Upgrade to version 2.0.2 or later to mitigate the Clickjacking vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-1362
- https://huntr.dev/bounties/e5959166-c8ef-4ada-9bb1-0ff5a9693bac/
- https://github.com/unilogies/bumsys/commit/8c5b27d54707f9805b27ef26ad741f2801e30e1f
- https://github.com/ctflearner/ctflearner
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-1362
cwe-id: CWE-1021
epss-score: 0.01411
epss-percentile: 0.69424
cpe: cpe:2.3:a:bumsys_project:bumsys:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: bumsys_project
product: bumsys
tags: cve,cve2023,bumsys,clickjacking,huntr,bumsys_project,vuln
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- "status_code_1 == 200"
- "!regex('X-Frame-Options', header)"
- "contains(body, 'BUM</b>Sys</a>')"
condition: and
# digest: 490a0046304402201fe386dc47a5fffe282533ff3ac3ed0cb8e1f7a11540b11fd1a1fa4eae22400102202f4de7d74674221312e3f28fc1f3b4765591eec42ec6925f708cf7de4df65c71:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation