CVE-2020-13174
The web server in the Teradici Management console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking...
Design/Logic Flaw
The web server in the Teradici Management console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking...
CVE-2020-13174
The CVE-2020-13174 entry affects the Teradici Management Console, specifically the web server in versions 20.04 and 20.01.1. The root cause is that the X-Frame-Options HTTP header was not properly set, enabling clickjacking or UI redress attacks by tricking users into clicking malicious links. Co...
PT-2020-13373 · Teradici · Teradici Management Console
Name of the Vulnerable Software and Affected Versions: Teradici Management console versions 20.04 and 20.01.1 Description: The web server in the Teradici Management console did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a maliciou...
Automattic: [api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS
Hello, I have found a clickjacking vulnerability in https://api.tumblr.com/console/ and a self DOM-based XSS in https://api.tumblr.com/console/calls/user/follow/unfollow. An attacker can exploit the clickjacking to trigger the self DOM-based XSS. Vulnerable URL to clickjacking:...
Acronis: ClickJacking
I have found the vulnerability called Clickjacking. Please find the details below: Description Clickjacking is an exploit in which malicious coding is hidden beneath apparently legitimate buttons or other clickable content on a website. OWASP Benchmark A6- Security Misconfiguration Steps to...
SUSE-RU-2020:2072-1 Security update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow, python-psql2mysql, python-psutil, python-py, python-pysaml2, python-waitress, rabbitmq-server, release-notes-suse-openstack-cloud, zookeeper
This update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow,...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Firefox vulnerability (USN-4423-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4423-1 advisory. It was discovered that X-Frame-Options could be bypassed in some circumstances. If a user were tricked into opening a specially crafted...
USN-4423-1 firefox vulnerability
It was discovered that X-Frame-Options could be bypassed in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct clickjacking attacks...
USN-4423-1: Firefox vulnerability
It was discovered that X-Frame-Options could be bypassed in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct clickjacking attacks...
PT-2021-9173 · Openshift Container Platform · Kibana
Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform's distribution of Kibana affected versions not specified Description: A flaw in OpenShift Container Platform's distribution of Kibana allows it to be opened in an iframe, enabling an attacker to intercept and...
WordPress: Clickjacking on donation page
Description: Vulnerable URL: https://wordpressfoundation.org/donate/ Clickjacking on the vulnerable URL allows an attacker to redirect a victim to do a donation at an attacker's page. Steps To Reproduce: 1 To test whether the page is vulnerable to clickjacking or not use this code i Frame THIS PA...
Mail.ru: Clickjacking Vulnerability via https://webagent.mail.ru leading to protection bypass for https://web.icq.com/ end point
Clickjacking protection bypass on web.icq.com via webagent.mail.ru...
CVE-2019-4323
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."...
Spoofing
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."...
CVE-2019-4323
CVE-2019-4323 concerns HCL AppScan Enterprise’s advisory API documentation being vulnerable to clickjacking. The CNVD entry specifies that AppScan Enterprise 10.0.0 and earlier versions are affected and that an attacker could inject content from untrustworthy pages by framing the advisory API doc...
FreeBSD : py-matrix-synapse -- multiple vulnerabilities (d9f686f3-fde0-48dc-ab0a-01c2fe3e0529)
Matrix developers report : Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. - A malicious homeserver could force Synapse to reset the state in a room to a small subset o...