CVE-2020-15793
A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...
CVE-2020-15793
CVE-2020-15793 affects Siemens Desigo Insight (all versions). The vulnerability stems from not properly setting the X-Frame-Options header, enabling clickjacking that could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user. The ICSA advisory notes th...
keycloak: security headers missing on REST endpoints
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
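The Desigo Insight and Keycloak entries above both come down to the same check: does the response carry a header that stops a browser from rendering the page inside another site's frame? The following is an added example (not code from Siemens, Keycloak, or any advisory) that decides that question the way a current browser does: CSP `frame-ancestors` takes precedence when present, `X-Frame-Options` is consulted only otherwise, and the obsolete `ALLOW-FROM` form is treated as no protection. The header sets and the raw response it runs on are constructed for illustration; the hostnames in them are placeholders.

```python
"""Assess whether an HTTP response's headers stop the page from being framed."""
from dataclasses import dataclass, field
from typing import Dict, List, Mapping, Optional


@dataclass
class FramingVerdict:
    protected: bool       # True if browsers will refuse cross-origin framing
    mechanism: str        # "csp", "xfo" or "none": which header decided the verdict
    findings: List[str] = field(default_factory=list)


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Split a raw HTTP/1.1 response into a name->value dict (status line and body dropped).
    Repeated headers are joined with ", " as most clients do."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:      # skip the status line
        if ":" not in line:
            continue
        name, value = (part.strip() for part in line.split(":", 1))
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def _frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP value, or None if the directive is absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def assess_framing_protection(headers: Mapping[str, str]) -> FramingVerdict:
    """CSP frame-ancestors wins when present (CSP Level 2 says X-Frame-Options is then ignored);
    X-Frame-Options is only consulted when CSP says nothing about framing."""
    h = {name.lower(): value for name, value in headers.items()}   # header names are case-insensitive
    findings: List[str] = []

    csp = h.get("content-security-policy")
    if csp is not None:
        sources = _frame_ancestors(csp)
        if sources is not None:
            if sources == ["'none'"]:
                return FramingVerdict(True, "csp", ["frame-ancestors 'none': no framing at all"])
            if "*" in sources or "https:" in sources or "http:" in sources:
                findings.append(f"frame-ancestors {' '.join(sources)} permits framing from any origin")
                return FramingVerdict(False, "csp", findings)
            return FramingVerdict(True, "csp", [f"framing restricted to: {' '.join(sources)}"])
        findings.append("CSP present but has no frame-ancestors; falling back to X-Frame-Options")

    xfo = h.get("x-frame-options")
    if xfo is None:
        findings.append("neither frame-ancestors nor X-Frame-Options set: any site can frame the page")
        return FramingVerdict(False, "none", findings)

    value = xfo.strip().upper()
    if value in ("DENY", "SAMEORIGIN"):
        return FramingVerdict(True, "xfo", findings + [f"X-Frame-Options: {value}"])
    if value.startswith("ALLOW-FROM"):
        findings.append("ALLOW-FROM is obsolete and ignored by current browsers; treat as unprotected")
    else:
        findings.append(f"X-Frame-Options value {xfo!r} is not DENY/SAMEORIGIN; browsers do not honour it reliably")
    return FramingVerdict(False, "xfo", findings)


# Constructed header sets (hostnames are placeholders, not real products).
SAMPLES: Dict[str, Dict[str, str]] = {
    "missing": {"Content-Type": "text/html"},
    "xfo_deny": {"X-Frame-Options": "DENY"},
    "xfo_allow_from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp_allowlist": {"Content-Security-Policy": "frame-ancestors 'self' https://portal.example"},
    "csp_wildcard_overrides_xfo": {"X-Frame-Options": "DENY",
                                   "Content-Security-Policy": "frame-ancestors *"},
}

# Constructed raw response with no framing protection, as a scanner would capture it.
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: example-webserver\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: session=abc123; HttpOnly\r\n"
    "\r\n"
    "<html><body>Dashboard</body></html>"
)

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        v = assess_framing_protection(hdrs)
        print(f"{name:28s} protected={v.protected!s:5s} via={v.mechanism:4s} {v.findings}")
    v = assess_framing_protection(parse_response_headers(RAW_RESPONSE))
    print(f"{'raw_response':28s} protected={v.protected!s:5s} via={v.mechanism:4s} {v.findings}")
```

The `csp_wildcard_overrides_xfo` case is the one scanners most often get wrong: `X-Frame-Options: DENY` looks fine in isolation, but a `frame-ancestors *` directive on the same response re-opens framing, so the check has to evaluate CSP first. Conversely, a missing `X-Frame-Options` is not a finding on its own if `frame-ancestors 'none'` or `'self'` is set.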
Siemens Desigo Insight
1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Desigo Insight Vulnerabilities: SQL Injection, Improper Restriction of Rendered UI Layers or Frames, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION...
Apache Calcite Clickjacking Vulnerability
Apache Calcite is a dynamic data management framework that has many of the features of a typical database management system, such as SQL parsing, SQL validation, SQL query optimization, SQL generation, and data connection queries. A clickjacking vulnerability exists in versions of Apache Calcite...
U.S. Dept Of Defense: POST based RXSS on https://███████/ via ███ parameter
Good Night DoD team, Summary: I have discovered that on the following domain https://██████████/███████ there is a POST-based reflected XSS vulnerability which I can trigger with CSRF and Clickjacking due to unsanitized input inside the ███ parameter ██████████ Description The vulnerable path is:...
Acronis: Get ip and Geo location any user via Clickjacking with inspectlet technology
Summary Get ip and Geo location any user via Clickjacking with inspectlet technology https://geoapi.acronis.com/?q=admin/views/ajax/autocomplete/user/a Steps To Reproduce 1. go to F1015419 2. will watch your geo data ex. "city":"Abu...
U.S. Dept Of Defense: POST based RXSS on https://█████ via frm_email parameter
Good Afternoon DoD team, Summary: I have discovered that on the following domain https://███████ there is a POST-based reflected XSS vulnerability which I can trigger with CSRF and Clickjacking due to unsanitized input inside the frmemail parameter Description The vulnerable path is: https://███ CS...
ismartgate PRO Clickjacking Vulnerability
iSmartGate is a smart garage door opener system. A clickjacking vulnerability exists in ismartgate PRO: a remote attacker can lure a user into loading a crafted page that frames the device's web interface, which can be used to gain access to sensitive information, among other...
IBM InfoSphere Information Server Clickjacking Vulnerability
IBM InfoSphere Information Server is a data integration platform that includes a range of products that enable you to understand, cleanse, monitor, transform, and transfer data, as well as collaborate to bridge the gap between business and IT. A clickjacking vulnerability exists in IBM InfoSphere...
CVE-2020-13119
ismartgate PRO 1.5.9 is vulnerable to clickjacking...
CVE-2020-13119
CVE-2020-13119 affects ismartgate PRO 1.5.9. Connected documents describe a clickjacking vulnerability that could enable remote attackers to trick users and potentially access sensitive information. The materials do not specify the exact root cause in code terms, additional affected components be...
Clickjacking Attack
Node.js is vulnerable to clickjacking. An attacker can perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the...
Clickjacking
firefox is vulnerable to clickjacking. An attacker can position a custom cursor over the address bar to spoof the actual cursor to trick users into clicking on permission prompts, doorhanger notifications, or other buttons inadvertently if the location is spoofed over the user interface. This...