3797 matches found

Huntr
added 2021/08/06 10:18 a.m. · 9 views

in filegator/filegator

Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking a user’s click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe in the attacker’s own website and overlays it with objects such as buttons using CSS skills. This tricks...

AI score 1.4 · Exploits 0
Huntr
added 2021/08/06 10:04 a.m. · 11 views

in ampache/ampache

Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking a user’s click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe in the attacker’s own website and overlays it with objects such as buttons using CSS skills. This tricks...

AI score 1.4 · Exploits 0
Huntr
added 2021/08/05 6:16 p.m. · 13 views

in francoisjacquet/rosariosis

Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking a user’s click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe in the attacker’s own website and overlays it with objects such as buttons using CSS skills. This tricks...

AI score 1.4 · Exploits 0
Huntr
added 2021/08/04 10:39 a.m. · 13 views

in postfixadmin/postfixadmin

✍️ Description: clickjacking attack. 🕵️‍♂️ Proof of Concept: I see there is no X-Frame-Options response header present, which allows the entire website to be loaded in an iframe. Using this, a clickjacking attack can be performed. 💥 Impact: clickjacking attack...

AI score 1.7 · Exploits 0
CNVD
added 2021/07/28 12:00 a.m. · 17 views

IBM Sterling Connect Clickjacking Vulnerability

IBM Sterling Connect: Direct is a file-based peer-to-peer file transfer solution from IBM, U.S.A. A clickjacking vulnerability exists in IBM Sterling Connect versions 1.4.1.1 and 1.5.0.2, which stems from a program that does not adequately protect HTML iframes. A remote attacker could exploit The...

CVSS 5.4 · AI score 3.2 · EPSS 0.00641
Exploits 0 · References 1
RedhatCVE
added 2021/07/26 11:57 a.m. · 84 views

CVE-2021-3660

Cockpit and its plugins do not seem to protect themselves against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...

CVSS 4.3 · AI score 2 · EPSS 0.01218
Exploits 0 · References 3
CNNVD
added 2021/07/26 12:00 a.m. · 1 view

IBM Sterling Connect Security Vulnerability

IBM Sterling Connect: Direct is a file-based peer-to-peer file transfer solution from IBM, U.S.A. A clickjacking vulnerability exists in IBM Sterling Connect versions 1.4.1.1 and 1.5.0.2, which stems from a program that does not adequately protect HTML iframes. A remote attacker could exploit The...

CVSS 5.4 · AI score 5.6 · EPSS 0.00641
Exploits 0 · References 4
Hacker One
added 2021/07/23 4:09 a.m. · 32 views

PortSwigger Web Security: RCE of Burp Scanner / Crawler via Clickjacking

A vulnerability was discovered in Burp Suite, a web application security testing tool. The vulnerability allowed an attacker to exploit a known XSS vulnerability in the embedded Chrome browser used by Burp Suite. By leveraging this vulnerability, an attacker could execute arbitrary commands on th...

AI score 6.8 · Exploits 0
Positive Technologies
added 2021/07/20 12:00 a.m. · 2 views

PT-2021-3773 · Cockpit +5

Name of the Vulnerable Software and Affected Versions: Cockpit, affected versions not specified. Description: The issue is related to clickjacking attacks, where a malicious website can render a page from a Cockpit server inside an iframe HTML entry. This could be exploited by a malicious website t...

CVSS 7.5 · AI score 5.4 · EPSS 0.01218
Exploits 0 · References 43
Huntr
added 2021/07/18 10:48 a.m. · 9 views

in spiral-project/ihatemoney

💥 BUG: clickjacking bug. 💥 STEPS TO REPRODUCE: I see there is no X-Frame-Options header present in the response. So, it allows loading the dashboard URL in an iframe, which makes a clickjacking attack possible. The iframe will be completely hidden with opacity control so that the victim doesn't suspect. The below code can be used as...

AI score 1.1 · Exploits 0
Hacker One
added 2021/06/28 3:40 a.m. · 96 views

Homebrew: clickjacking at brew.sh

Hello, while performing security testing of your website I have found the vulnerability called Clickjacking. The URL is in scope and vulnerable to Clickjacking. What is Clickjacking? Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a...

AI score 7 · Exploits 0
OSV
added 2021/06/23 4:51 p.m. · 3 views

DRUPAL-CONTRIB-2021-019

This project is related to the Opigno LMS distribution. It implements the group manager in the Opigno LMS. The module does not set X-Frame-Options and blocks the ability of other modules, e.g. Security Kit, to add them, leaving it vulnerable to Clickjacking...

AI score 6.8 · Exploits 0 · References 1
OSV
added 2021/06/23 4:47 p.m. · 2 views

DRUPAL-CONTRIB-2021-018

This project is related to the Opigno LMS distribution. It implements the learning path, which combines together in a very flexible way the different steps of a training in Opigno LMS. The module does not set X-Frame-Options and blocks the ability of other modules, e.g. Security Kit, to add them, leaving it...

AI score 6.8 · Exploits 0 · References 1
Drupal
added 2021/06/23 12:00 a.m. · 21 views

Opigno Learning path - Less critical - UI redressing (clickjacking) - SA-CONTRIB-2021-018

This project is related to the Opigno LMS distribution. It implements the learning path, which combines together in a very flexible way the different steps of a training in Opigno LMS. The module does not set X-Frame-Options and blocks the ability of other modules, e.g. Security Kit, to add them, leaving it...

AI score 6.5 · Exploits 0 · References 7
Hacker One
added 2021/06/09 7:18 p.m. · 19 views

Meredith: Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie In Two Domain

Hi Security Team, I am S Rahul, MCEH (Metaxone Certified Ethical Hacker) and a Security Researcher. I just checked your website and found Reflected XSS to Good XSS Clickjacking In Two Domain. Description: As the search parameter is vulnerable to XSS, but the plus point is there is no...

AI score 6.4 · Exploits 0
OpenVAS
added 2021/06/09 12:00 a.m. · 21 views

SUSE: Security Advisory (SUSE-SU-2014:0248-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 · AI score 8.9 · EPSS 0.07072
Exploits 10 · References 2
OpenVAS
added 2021/06/09 12:00 a.m. · 26 views

SUSE: Security Advisory (SUSE-SU-2013:0519-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.1 · AI score 6.6 · EPSS 0.03248
Exploits 0 · References 2
Huntr
added 2021/06/08 4:24 p.m. · 7 views

in kestasjk/webdiplomacy

✍️ Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The file https://github.com/kestasjk/webDiplomacy/blob/07de41f21192b0b611af343bc0d880c1de78d194/header.php does not set the response header X-Frame-Options: DENY. This issue can be found from...

AI score 0.9 · Exploits 0 · References 2
OSV
added 2021/06/02 11:15 a.m. · 35 views

CVE-2020-10743

It was discovered that OpenShift Container Platform's OCP distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacki...

CVSS 4.3 · AI score 6.7
Exploits 0 · References 1
NVD
added 2021/06/02 11:15 a.m. · 21 views

CVE-2020-10743

It was discovered that OpenShift Container Platform's OCP distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacki...

CVSS 4.3 · EPSS 0.00713
Exploits 0 · References 1