3797 matches found
Open redirect
It was discovered that OpenShift Container Platform's OCP distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacki...
CVE-2020-10743
The CVE-2020-10743 issue concerns OpenShift Container Platform’s Kibana distribution allowing clickjacking via iframe embedding due to missing X-Frame-Options handling. Connected docs confirm this CVE was addressed in Kibana updates (e.g., SUSE’s bulletin notes CVE-2020-10743 fixed by a patch to ...
CVE-2020-10743
It was discovered that OpenShift Container Platform's OCP distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacki...
Sifchain: Clickjacking at sifchain.finance
Hi team, While performing security testing of your website I have found the vulnerability called Clickjacking. Many URLs are in scope and vulnerable to Clickjacking. What is Clickjacking? Clickjacking User Interface redress attack, UI redress attack, UI redressing is a malicious technique of...
Sifchain: Clickjacking
Bug Bounty Report Vulnerability Report Vulnerability Name: UI Redressing Clickjacking Vulnerability Description: Clickjacking classified as a User Interface redress attack, UI redress attack, UI redressing is a malicious technique of tricking a user into clicking on something different from what t...
U.S. Dept Of Defense: XSS trigger via HTML Iframe injection in ( https://██████████ ) due to unfiltered HTML tags
Hi team, I found an Iframe injection issue where I chained it and formed an XSS. I found the issue in the text editor area while ███████ing the account. There is a place in the registration area where we have to give a reason for █████████. We can write our reason and edit to show more beautifull...
Sifchain: clickjacking vulnerability
Summary: add summary of the vulnerability While performing security testing of your website I have found the vulnerability called Clickjacking. Many URLs are in scope and vulnerable to Clickjacking. What is Clickjacking? Clickjacking User Interface redress attack, UI redress attack, UI redressin...
UPchieve: Clickjacking on profile page leading to unauthorized changes
Summary: Any attacker could use iFrame options to connect remotely to the real website, And he can craft his own website using the iFrame options of the specific link and can lead to unauthorized changes if the user will be logged in. Steps To Reproduce: 1. Login to https://app.upchieve.org/profi...
Sifchain: Clickjacking /framing on sensitive Subdomain
Vulnerability Name: Clickjacking /framing Vulnerability Description: Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking on some other content in a decoy website. Vulnerable Url:...
Sifchain: Vulnerable for clickjacking attack
Summary: Hi Team, I know that I have reported to you outside of Scope. The report is related to the mentioned company and the vulnerability can endanger your business so I report this vulnerability to you. Clickjacking User Interface redress attack, UI redress attack, UI redressing is a maliciou...
Sifchain: Clickjacking Vulnerability in sifchain.finance
Hello team - Greetings! Hope you are fine. sifchain.finance website is vulnerable to Clickjacking. NOT ONLY THE HOME PAGE IS VULNERABLE, ALL THE PAGES IN THE WEBSITE ARE VULNERABLE TO CLICKJACKING. And it has to be fixed because Clickjacking is an attack that tricks the user to click a webpage...
Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Rational products based on IBM Jazz technology
Summary There is a clickjacking vulnerability in IBM WebSphere Application Server Liberty Admin Center bundled with IBM Jazz Team Server based Applications that affect the following products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecyc...
Sifchain: Clickjacking misconfiguration bug
Hi team, While performing security testing of your website I have found the vulnerability called Clickjacking. Many URLs are in scope and vulnerable to Clickjacking. What is Clickjacking? Clickjacking User Interface redress attack, UI redress attack, UI redressing is a malicious technique of...
U.S. Dept Of Defense: Reflected XSS through ClickJacking
Description: Hello DoD team, I found a reflected XSS that requires user interaction, but it's suspicious due to the reflected payload in the page ███████ So in this case I chain it with click-jacking with image background same like the legal website to make it more trusting ████████ below is the code...
U.S. Dept Of Defense: Reflected XSS through clickjacking at https://████
Description: I'm able to control the url being inserted into the query line at https://█████/████&url=http%3a%2f%2fgalnagli.com%2f%3Cimg+src%3dx+onerror%3dalert%28document.domain%29%3E The server issues a request there is also SSRF here I'll report later to the domain specified, and it renders th...
TIBCO Software TIBCO API Exchange Gateway Clickjacking Vulnerability
TIBCO Software TIBCO API Exchange Gateway is an application from TIBCO Software, Inc. It provides a central access point for managing enterprise APIs and provides an intermediary program between internal and external services, systems and devices. A security vulnerability exists in TIBCO API...
CVE-2021-23274
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected syste...
CVE-2021-23274
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected syste...
Design/Logic Flaw
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected syste...
CVE-2021-23274
CVE-2021-23274 affects TIBCO API Exchange Gateway and the Distribution for TIBCO Silver Fabric. The vulnerability lies in the Config UI component, enabling a potential clickjacking attack accessible over the network with no authentication. Affected versions are 2.3.3 and below for both products; ...