3797 matches found
CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core
Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...
CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core
Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...
CVE-2023-41897
CVE-2023-41897 affects Home Assistant Core. The issue is the absence of HTTP security headers, notably the X-Frame-Options header, which enables clickjacking and creates potential paths for other exploit opportunities within the Home Assistant web interface. Documents consistently describe the ri...
CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core
Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...
PT-2023-28153
Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2023.9.0 Description The issue concerns the omission of HTTP security headers, including the X-Frame-Options header, in Home Assistant server. This omission facilitates covert clickjacking attacks and other...
Home Assistant Data Falsification Issue Vulnerability
Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home assistant versions prior to 2023.9.0, which stems from Home assistant not setting the HTTP security header. An attacker can...
UI Redressing (Clickjacking) with SSO Plugin for Data Center
h3. Problem Related to CONFSERVER-29230 When we enable the SAML login on General Configuration - Authentication, the Confluence login page shows inside an iframe. When disabled it doesn't show as expected with the Clickjacking disabled by default. In the gif attached, replicated the error on our...
GHSA-GC95-5MMP-MP6J Economizzer vulnerable to Clickjacking
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...
Economizzer vulnerable to Clickjacking
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...
CVE-2023-38873
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...
CVE-2023-38873
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...
CVE-2023-38873
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...
Design/Logic Flaw
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...
Economizzer Security Vulnerabilities
Economizzer is a simple and open source personal finance management system using PHP Yii Framework 2 by Gustavo G. Andrade, an individual developer. A security vulnerability exists in Economizzer v.0.9-beta1, which is vulnerable to clickjacking attacks...
CVE-2023-38873
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...
CVE-2023-38873
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...
CVE-2023-38873
The CVE-2023-38873 entry corresponds to a Clickjacking vulnerability in Economizzer v0.9-beta1 (and related commits). Multiple connected sources corroborate that the issue involves UI redressing where an attacker tricks a user into interacting with a page they did not intend, by overlaying transp...
PT-2023-26652 · Unknown · Gugoan Economizzer
Name of the Vulnerable Software and Affected Versions: gugoan Economizzer version 0.9-beta1 gugoan Economizzer commit 3730880 April 2023 Description: The issue is related to Clickjacking, also known as a "UI redress attack", where an attacker uses multiple transparent or opaque layers to trick a...
Updated firefox/thunderbird packages fix security vulnerability
Use-after-free in workers. CVE-2023-3600 File Extension Spoofing using the Text Direction Override Character. CVE-2023-3417 Offscreen Canvas could have bypassed cross-origin restrictions. CVE-2023-4045 Incorrect value used during WASM compilation. CVE-2023-4046 Potential permissions request bypas...
Apache Druid < 0.23.0 Multiple Vulnerabilities
The version of Apache Druid installed on the remote host is affected by the following vulnerabilities: - Certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks. CVE-2021-44791 - The server did n...