3797 matches found
CVE-2024-28196
CVE-2024-28196 affects YourSpotify (self-hosted Spotify tracking dashboard). The issue arises in versions
CVE-2024-28196 Clickjacking in your_spotify
yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify to trigger actions, such as...
YourSpotify Security Breach
YourSpotify is a self-hosted Spotify tracking dashboard. A security vulnerability exists in versions of YourSpotify prior to 1.9.0 that stems from vulnerability to clickjacking, allowing other users to register or delete the current user account...
PT-2024-22330 · Unknown · Yourspotify
Name of the Vulnerable Software and Affected Versions: YourSpotify versions prior to 1.9.0 Description: The issue concerns a clickjacking vulnerability that can be used to trick an existing user into triggering actions, such as allowing signup of other users or deleting the current user account...
BIT-NODE-2020-8201
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
BIT-JENKINS-2020-2105
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...
CVE-2024-1890
Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier...
Design/Logic Flaw
Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier...
CVE-2024-1890 Clickjacking vulnerability in Sunny Webbox
Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier...
CVE-2024-1890
CVE-2024-1890 affects Sunny WebBox firmware 1.6.1 and earlier. Affected component is the WebBox UI vulnerable to clickjacking when an authenticated operator is served a malicious link, enabling potential UI interaction manipulation. Public sources (NVD/NVD-derived entries) describe the issue and ...
SMA Solar Technology AG Sunny WebBox Security Breach
SMA Solar Technology AG Sunny WebBox is a device for recording, storing, displaying and transmitting solar system data from SMA Solar Technology AG, Germany. A security vulnerability exists in the SMA Solar Technology AG Sunny WebBox version 1.6.1 and earlier versions. An...
IBM PowerSC Clickjacking Vulnerability
IBM PowerSC is an IBM (International Business Machines) security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from a clickjacking vulnerability that can be exploited by an attacker to hijack a victim's click actions and launch further attacks against the victim...
Hacking Microsoft and Wix with Keyboard Shortcuts
Browser vendors continuously tweak and refine browser functionalities to improve security. Implementing same-site cookies is a prime example of vendors’ efforts to mitigate Cross-Site Request Forgery (CSRF) attacks. However, not all security measures are foolproof. In their quest to combat Cross-Si...
firefox security update
An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Firefox is an open-source web browser, designed for standards...
CVE-2023-45698
Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks...
Code injection
Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks...
CVE-2023-45698 HCL Sametime is impacted by clickjacking
Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks...