JVN#24457594: Multiple vulnerabilities in EC-CUBE
EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Clickjacking attacks (CWE-1021) - CVE-2020-5679: CVSS v3 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, Base Score: 4.3; CVSS v2 vector AV:N/AC:H/Au:N/C:N/I:P/A:N, Base Score: 2.6. Imprope...
Ec-cube Security Vulnerability
Ec-cube is an open source e-commerce system of the Japanese company Ec-cube. A security vulnerability exists in EC-CUBE versions 3.0.0 through 3.0.18, which stems from a failure to properly restrict the rendering of UI layers or frames and can lead to clickjacking attacks. If a user accesses a special...
Nextcloud: Clickjacking URLS
Hey Team, while performing security testing of your websites I have found the vulnerability called Clickjacking. Many URLs are in scope and vulnerable to Clickjacking. The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The...
CVE-2020-26962
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 83, which stems from the fact that a cross-domain iframe containing a login form may have been recognized and populated by the login...
Security Vulnerabilities fixed in Firefox 83 — Mozilla
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. Incorrect bookkeepi...
UBUNTU-CVE-2020-26962
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...
IBM App Connect Enterprise Clickjacking Vulnerability
IBM App Connect Enterprise is an operating system from IBM Corporation of the U.S.A. IBM App Connect Enterprise combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technologies to...
Mail.ru: Clickjacking Vulnerability via https://www.donationalerts.com/help/support leads to bypass for widget.support.my.games X-Frame Options
Clickjacking protection bypass on widget.support.my.games via donationalerts.com...
Security Bulletin: App Connect Enterprise Certified Container Dashboard is vulnerable to clickjacking (CVE-2020-4785)
Summary: App Connect Enterprise Certified Container Dashboard is vulnerable to a clickjacking attack that may cause an information leak. Vulnerability Details: CVEID: CVE-2020-4785. DESCRIPTION: IBM App Connect Enterprise Certified Container could allow a remote attacker to hijack the clicking actio...
Clickjacking
github.com/gophish/gophish is vulnerable to clickjacking. An authenticated administrator can be successfully tricked into clicking a "Reset" button in the settings page which will cause their API key to be reset, resulting in a denial of service to the application...
Gophish denial of service vulnerability
Gophish is a powerful open source phishing framework. A denial of service vulnerability exists in the "Reset" button on the "Account Settings" page in Gophish versions prior to 0.11.0. This vulnerability can be exploited to cause a denial of service via a clickjacking attack...
CVE-2020-24711
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack...
Design/Logic Flaw
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack...
CVE-2020-24711
CVE-2020-24711 affects Gophish prior to 0.11.0. The Reset button on the Account Settings page can be exploited via clickjacking, causing a denial of service. Public details describe that an authenticated administrator could be tricked into clicking the Reset button, which may reset the API key an...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.1 image security update
An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
IBM WebSphere Application Server 6.1.0.x < 6.1.0.47 / 7.0.0.x < 7.0.0.31 / 8.0.0.x < 8.0.0.7 / 8.5.x < 8.5.5.1 Clickjacking (CVE-2013-1571)
The IBM WebSphere Application Server running on the remote host is version 6.1.0.x prior to 6.1.0.47, 7.0.0.x prior to 7.0.0.31, 8.0.0.x prior to 8.0.0.7, or 8.5.0.x prior to 8.5.5.1. It is, therefore, affected by a vulnerability in the HTML documentation generated by the Javadoc tool. An...
CVE-2020-15793
A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...