Lucene search
GoogleOSV:CVE-2022-24733HistoryMar 14, 2022 - 7:15 p.m.
CVE-2022-24733
2022-03-1419:15:12
Google
osv.dev
4
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker’s page overlays the target application’s interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from app should have an X-Frame-Options header set to: sameorigin. To achieve that, add a new subscriber in the app.
Related
nvd
nvd
CVE-2022-24733
2022-03-14 19:15:12
prion
prion
Code injection
2022-03-14 19:15:00
cvelist
cvelist
veracode
veracode
Click Jacking
2022-03-15 06:12:58
cnvd
cnvd
Sylius has an unspecified vulnerability (CNVD-2022-22317)
2022-03-16 00:00:00
cve
cve
CVE-2022-24733
2022-03-14 19:15:12
osv
osv
Improper Restriction of Rendered UI Layers or Frames in Sylius
2022-03-14 21:55:33
github
github
Improper Restriction of Rendered UI Layers or Frames in Sylius
2022-03-14 21:55:33