
3797 matches found

Debian CVE
added 2021/08/23 12:42 p.m. · 19 views

CVE-2021-3731

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user into executing unintended actions...

5.9 CVSS · 5.2 AI score · 0.01106 EPSS
Exploits: 0
Huntr
added 2021/08/23 8:16 a.m. · 10 views

in erikdubbelboer/phpredisadmin

✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️‍♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...

1.3 AI score
Exploits: 0 · References: 1
CNNVD
added 2021/08/23 12:00 a.m. · 2 views

LedgerSMB Security Vulnerability

LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, and more. LedgerSMB suffers from a security vulnerability that stems from the application not being adequately protected from being wrapped around...

5.9 CVSS · 5.5 AI score · 0.01106 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2021/08/23 12:00 a.m. · 2 views

PT-2021-21605 · Ledgersmb +2 · Ledgersmb +2

Name of the Vulnerable Software and Affected Versions: LedgerSMB affected versions not specified
Description: The issue allows an attacker to trick a targeted user into executing unintended actions through 'clickjacking', as LedgerSMB does not sufficiently guard against being wrapped by other...

9.6 CVSS · 6.8 AI score · 0.03014 EPSS
Exploits: 1 · References: 32
CNVD
added 2021/08/16 12:00 a.m. · 23 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-90323)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a Resource Management Error vulnerability, which exists due to improper resource management within the application. The Android version of Firefox may get stuck in full-scre...

6.5 CVSS · 7 AI score · 0.00685 EPSS
Exploits: 0 · References: 1
OSV
added 2021/08/13 4:15 p.m. · 3 views

CVE-2021-32070

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users...

5.4 CVSS · 6 AI score
Exploits: 0 · References: 2
NVD
added 2021/08/13 4:15 p.m. · 12 views

CVE-2021-32070

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users...

5.8 CVSS · 0.00639 EPSS
Exploits: 0 · References: 2
Prion
added 2021/08/13 4:15 p.m. · 9 views

Design/Logic Flaw

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users...

5.8 CVSS · 5.3 AI score · 0.00639 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2021/08/13 3:31 p.m. · 71 views

CVE-2021-32070

The CVE-2021-32070 entry concerns the Mitel MiCollab MiCollab Client Service component prior to version 9.3, where an insecure header response could enable a clickjacking attack. An attacker could modify the browser header and redirect users, as described in the public records. No explicit exploi...

5.8 CVSS · 5.3 AI score · 0.00639 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2021/08/13 3:31 p.m. · 17 views

CVE-2021-32070

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users...

5.6 AI score · 0.00639 EPSS
Exploits: 0 · References: 2
Hacker One
added 2021/08/12 7:03 a.m. · 97 views

UPchieve: CLICKJACKING LEADS TO DEACTIVATE ACCOUNT

Hello UPCHIEVE SECURITY TEAM, I'm Anto. Vulnerability: Clickjacking in https://hackers.upchieve.org/profile Steps to Reproduce: 1. Create an HTML file with the following code Click the place where its shows Click 1 Click 2 Click 2 2. Save and open it in your browser; the page will appear. Impact An...

6.4 AI score
Exploits: 0
CNNVD
added 2021/08/10 12:00 a.m. · 5 views

Mozilla Firefox Resource Management Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a Resource Management Error vulnerability, which exists due to improper resource management within the application. The Android version of Firefox may get stuck in full-scre...

6.5 CVSS · 7.7 AI score · 0.00685 EPSS
Exploits: 0 · References: 12
OSV
added 2021/08/09 1:15 p.m. · 2 views

CVE-2021-37788

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...

5.4 CVSS · 6.1 AI score · 0.01525 EPSS
Exploits: 1 · References: 1
NVD
added 2021/08/09 1:15 p.m. · 18 views

CVE-2021-37788

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...

5.4 CVSS · 0.01525 EPSS
Exploits: 1 · References: 1
Prion
added 2021/08/09 1:15 p.m. · 29 views

Input validation

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...

4.3 CVSS · 5.5 AI score · 0.01525 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2021/08/09 12:32 p.m. · 51 views

CVE-2021-37788

The CVE-2021-37788 case concerns Gurock TestRail web UI version 5.3.0.3603. The root cause is insufficient input validation of iFrame data in HTTP requests, enabling an unauthenticated, remote attacker to perform a clickjacking attack and potentially affect device integrity. Connected sources (PT...

5.4 CVSS · 5.5 AI score · 0.01525 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2021/08/09 12:32 p.m. · 18 views

CVE-2021-37788

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...

5.8 AI score · 0.01525 EPSS
Exploits: 1 · References: 1
CNNVD
added 2021/08/09 12:00 a.m. · 5 views

Gurock Software Gurock TestRail Security Vulnerability

Gurock Software Gurock TestRail is a web-based test case management software for QA and development teams from Gurock Software. The software supports the creation of test cases, management of test suites, and coordination of the testing process. A security vulnerability exists in Gurock TestRail...

5.4 CVSS · 5.9 AI score · 0.01525 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2021/08/09 12:00 a.m. · 4 views

PT-2021-21871 · Gurock · Gurock Testrail

Name of the Vulnerable Software and Affected Versions: Gurock TestRail version 5.3.0.3603
Description: A vulnerability in the web UI of Gurock TestRail could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to...

5.4 CVSS · 5.6 AI score · 0.01525 EPSS
Exploits: 1 · References: 5
Hacker One
added 2021/08/08 12:02 a.m. · 13 views

Logitech: clickjacking on deleting user's clips [https://crossclip.com/clips]

Summary: An attacker can trick a victim into deleting his own clips on https://crossclip.com/clips. Steps To Reproduce: F1403810 1. Login 1. Create an HTML file with the following code. I-Frame THIS PAGE IS VULNERABLE TO CLICKJACKING Supporting Material/References: F1403810 Impact tricking user to dele...

6.7 AI score
Exploits: 0