CVE-2021-38472
CVE-2021-38472 affects InHand Networks IR615 Router, specifically the management portal in versions 2.3.0.r4724 and 2.3.0.r4870. The root cause is absence of the X-Frame-Options header, enabling clickjacking via a link sent to an administrator that frames the portal and could induce changes. Docu...
in admidio/admidio
Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: Clickjack test page; save the script as clickjacking.html and the page will render in iframes. Impact: it is...
in namelessmc/nameless
Description: Nameless is vulnerable to clickjacking because it does not set the X-Frame-Options header to DENY or SAMEORIGIN; only the nginx proxy sets it. This header is important because it prevents other websites from iframing the website. If the website can be iframed, then the attacker can hos...
in fisharebest/webtrees
Description: In fix commit https://github.com/fisharebest/webtrees/commit/fc904122e0c1b55f274bc4c8cd883c266176e34e, the fix was to set the CSP script-src directive for HTML files to 'none'. Webtrees by default sends an X-Frame-Options header to prevent clickjacking, but since that header is X-Frame-Options: SAMEORIGIN, it is...
Clustered Data ONTAP Clickjacking Vulnerability
Clustered Data ONTAP is NetApp's proprietary operating system for storage disk arrays. A clickjacking vulnerability exists in Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1. The vulnerability stems from the lack of an X-Frame-Options header in the product. An...
CVE-2021-27003
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack...
CVE-2021-27003
CVE-2021-27003 affects NetApp Clustered Data ONTAP. Affected products/versions: Clustered Data ONTAP earlier than 9.5P18, 9.6P15, 9.7P14, 9.8P5, and 9.9.1. Root cause: missing X-Frame-Options header could enable clickjacking. Impact stated in sources: exposure to clickjacking if served pages are ...
in bytebase/bytebase
Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: Clickjack test page; save the script as clickjacking.html and the page will render in iframes. Impact: it is...
Security Bulletin: IBM Security Guardium Insights is affected by a ClickJacking vulnerability (CVE-2020-4165)
Summary IBM Security Guardium Insights has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4165 DESCRIPTION: IBM Guardium Activity Insights could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site,...
in craigk5n/webcalendar
Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: Clickjack test page; save the script as clickjacking.html and the page will render in iframes...
in chevereto/chevereto-free
Clickjacking is a portmanteau of the two words 'click' and 'hijacking'. It refers to hijacking a user's click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe on the attacker's own website and overlays it with objects such as buttons using CSS. This tricks...
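The entries above (nameless, webtrees, chevereto) describe the same mechanism from three angles: a missing X-Frame-Options header lets any site frame the page, SAMEORIGIN still permits same-origin framing, and the proof of concept is a near-transparent iframe overlaid on a decoy button. The following Node.js code is an added example, not code from any advisory or project on this page. It evaluates whether a page can be framed by a given origin from the headers it returns and generates the "clickjack test page" the reports refer to. It assumes lowercase header names (as Node's http module delivers them) and a single Content-Security-Policy value; the sample responses are constructed, not captured from any real product.

```javascript
// Browser rules modelled here: a CSP frame-ancestors directive overrides
// X-Frame-Options when both are present; an absent or unrecognised
// X-Frame-Options value imposes no restriction; SAMEORIGIN and 'self'
// still allow framing from the page's own origin.

function parseCsp(value) {
  // "default-src 'self'; frame-ancestors 'self' https://a.example"
  //   -> Map { 'default-src' => ["'self'"], 'frame-ancestors' => [...] }
  // A directive repeated within one policy is ignored after its first occurrence.
  const directives = new Map();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function sourceMatches(source, framerOrigin, pageOrigin) {
  // Match one frame-ancestors source expression against the framing page's origin.
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return framerOrigin === pageOrigin;
  if (s === '*') return true;
  const framer = new URL(framerOrigin);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return framer.protocol === s; // scheme-source, e.g. "https:"
  // host-source: [scheme://][*.]host[:port|:*]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/*]+)(?::(\d+|\*))?$/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && framer.protocol !== scheme + ':') return false;
  const hostOk = wildcard ? framer.hostname.endsWith('.' + host) : framer.hostname === host;
  if (!hostOk) return false;
  const framerPort = framer.port || (framer.protocol === 'https:' ? '443' : '80');
  return !port || port === '*' || port === framerPort;
}

function canBeFramed(headers, pageOrigin, framerOrigin) {
  const csp = headers['content-security-policy'];
  if (csp) {
    const ancestors = parseCsp(csp).get('frame-ancestors');
    if (ancestors) {
      // frame-ancestors decides outright; X-Frame-Options is ignored.
      // An empty source list behaves like 'none'.
      return ancestors.some((src) => sourceMatches(src, framerOrigin, pageOrigin));
    }
  }
  const xfo = headers['x-frame-options'];
  if (xfo === undefined) return true; // the defect in every entry above: no restriction at all
  const value = xfo.trim().toUpperCase();
  if (value === 'DENY') return false;
  if (value === 'SAMEORIGIN') return framerOrigin === pageOrigin;
  return true; // ALLOW-FROM and misspellings are not honoured by current browsers
}

function clickjackTestPage(targetUrl) {
  // The classic PoC: the target loads in a near-transparent iframe stacked above
  // a decoy button, so a click on the decoy lands on the framed page. Save the
  // output as clickjacking.html and open it: if the target renders, it is
  // frameable; a DENY/SAMEORIGIN/frame-ancestors-protected page shows an empty frame.
  const src = targetUrl.replace(/&/g, '&amp;').replace(/"/g, '&quot;');
  return `<!doctype html>
<html><head><meta charset="utf-8"><title>Clickjack test page</title>
<style>
  iframe { position:absolute; top:0; left:0; width:1000px; height:700px; opacity:0.1; z-index:2; }
  button { position:absolute; top:300px; left:400px; z-index:1; }
</style></head>
<body>
<button>Click to claim your prize</button>
<iframe src="${src}"></iframe>
</body></html>`;
}

// Constructed sample responses (hypothetical origins, not captured from any product).
const PAGE = 'https://portal.example';
const ATTACKER = 'https://attacker.example';
const SAMPLES = {
  noHeader: {},                                                   // the ONTAP / IR615 / huntr reports above
  deny: { 'x-frame-options': 'DENY' },
  sameOrigin: { 'x-frame-options': 'SAMEORIGIN' },                // the webtrees caveat
  cspOnly: { 'content-security-policy': "default-src 'self'" },   // no frame-ancestors: does not help
  cspWins: { 'x-frame-options': 'DENY',
             'content-security-policy': "frame-ancestors 'self' https://*.trusted.example" },
};

function audit(framerOrigin = ATTACKER) {
  // Returns { sampleName: frameable } for every sample above, for one framing origin.
  const out = {};
  for (const [name, headers] of Object.entries(SAMPLES)) {
    out[name] = canBeFramed(headers, PAGE, framerOrigin);
  }
  return out;
}

console.log(audit());      // attacker origin: noHeader and cspOnly are frameable
console.log(audit(PAGE));  // same origin: sameOrigin and cspWins become frameable too
```

Run the audit against the headers a real target returns (for example from an `http.get` response's `res.headers`) rather than the constructed samples; the `cspOnly` case is the one most often misread, since a CSP without frame-ancestors says nothing about framing, and `sameOrigin` is the webtrees situation, where any attacker-controlled HTML served from the same origin can still frame the page.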
Ubuntu 20.04 LTS : LedgerSMB vulnerabilities (USN-5097-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5097-1 advisory. It was discovered that LedgerSMB incorrectly handled certain inputs. An attacker could use this to leak sensitive information, cause a DoS, or execute...
in netdisco/netdisco
Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: Clickjack test page; save the script as clickjacking.html and the page will render in iframes. The link below shows...
OESA-2021-1359 cockpit security update
Cockpit makes GNU/Linux discoverable. See your Linux server in a web browser and perform system tasks with a mouse. It's easy to start containers, administer storage, configure networks, and inspect logs with this package. Security Fixes: Cockpit and its plugins do not seem to protect themselves against...
in jonschoning/espial
Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. PoC https://i.ibb.co/QFTZD9j/clickjack.png Impact According to PortSwigger references, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable ...
in kcal-app/kcal
Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: Clickjack test page; save the script as clickjacking.html and the page will render in iframes...