3797 matches found
CVE-2020-1728
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
CVE-2020-1728
A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
Design/Logic Flaw
A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
CVE-2020-1728
CVE-2020-1728 affects Red Hat’s Red Hat Single Sign-On / Keycloak projects. The issue is described as security headers missing on REST endpoints for Keycloak, which could ease client-side attacks like clickjacking or other header-reliant abuse. The connected Red Hat advisories explicitly link thi...
CVE-2019-19001
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentia...
Authentication flaw
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentia...
CVE-2019-19001
ABB eSOMS is affected by CVE-2019-19001 due to the absence of the X-Frame-Options header in HTTP responses for versions 4.0 to 6.0.2. This can enable ClickJacking by framing parts of the application on a malicious site, potentially exposing sensitive user credentials. Root cause: HTTP responses l...
CVE-2019-19001 eSOMS X-FrameOption
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentia...
Kubernetes: Clickjacking
Report Submission Form. Summary: Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. Description: Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user...
GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-02 Mozilla Firefox: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user t...
jenkins: REST APIs vulnerable to clickjacking
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...
CVE-2015-5686
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session...
Cross site request forgery (csrf)
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session...
CVE-2015-5686
Puppet Enterprise Console 3.x is affected by CSRF and clickjacking vulnerabilities leading to possible session hijacking or redirection of user input to untrusted sites. This CVE (CVE-2015-5686) is corroborated by multiple sources in connected documents (e.g., CNVD-2020-17190 and NVD entries) des...