3797 matches found
CVE-2023-23126
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...
CVE-2023-23126
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...
CVE-2023-23126
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...
Code injection
DISPUTED Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...
CVE-2023-23126
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...
ConnectWise Automate 安全漏洞
ConnectWise Automate is a cloud-based, local IT automation solution from ConnectWise USA. The product supports content management, file sharing, IT asset tracking and management, and more. A security vulnerability exists in ConnectWise Automate version 2022.11 that stems from vulnerability to...
CVE-2023-23126
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...
CVE-2023-23126
ConnectWise Automate 2022.11 is affected by a clickjacking vulnerability where the login screen can be framed to entice users into unintended actions. The vendor claims a Content-Security-Policy header blocks this attack. Multiple sources (NVD, Red Hat, CVE listings) confirm the issue; no explici...
PT-2023-18847 · Connectwise · Connectwise Automate
Name of the Vulnerable Software and Affected Versions: Connectwise Automate version 2022.11 Description: The issue allows the login screen to be iframed, potentially manipulating users into performing unintended actions. The vendor claims that a Content-Security-Policy HTTP response header is...
Improper Restriction of Rendered UI Layers or Frames
Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept http://localhost:8000/admin/ Response headers http HTTP/1.1 200 OK Server: gunicorn Date: Tue, 24 Jan 202...
Clickjacking
pyload-ng is vulnerable to clickjacking attacks. The vulnerability exists due to the lack of frame restrictions in init.py as it does not properly set the response header X-Frame-Options: DENY, which allows an attacker to load the website within a malicious response header...
PT-2023-8312 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyload versions prior to 0.5.0b3.dev33 Description: The issue is related to improper restriction of rendered UI layers or frames in the pyload software, which can be exploited by a remote attacker to conduct a clickjacking attack. This allows...
Improper Restriction of Rendered UI Layers or Frames
Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept...
Rockwell Automation MicroLogix 1100 and 1400
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: MicroLogix 1100 and 1400 Vulnerabilities: Cross-site Scripting, Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of these...
CVE-2022-46061
AeroCMS v0.0.1 is vulnerable to ClickJacking...
CVE-2022-46061
AeroCMS v0.0.1 is vulnerable to ClickJacking...
Design/Logic Flaw
AeroCMS v0.0.1 is vulnerable to ClickJacking...
CVE-2022-46061
AeroCMS v0.0.1 is vulnerable to ClickJacking...
CVE-2022-46061
AeroCMS v0.0.1 is vulnerable to ClickJacking...
CVE-2022-46061
CVE-2022-46061 : AeroCMS v0.0.1 is reported vulnerable to ClickJacking. The connected sources identify the affected software/version and classify the impact as low for confidentiality and integrity, with no availability impact; user interaction is required for exploitation, per the CVSS data. No ...