3797 matches found
CVE-2019-17131
vBulletin before 5.5.4 allows clickjacking...
CVE-2019-17131
vBulletin before 5.5.4 allows clickjacking...
Security feature bypass
vBulletin before 5.5.4 allows clickjacking...
CVE-2019-17131
CVE-2019-17131 affects vBulletin releases prior to 5.5.4 and is a clickjacking vulnerability. The provided documents consistently identify the affected product as vBulletin and the root issue as a clickjacking flaw that could enable an attacker to deceive users into performing unintended actions....
CVE-2019-17131
vBulletin before 5.5.4 allows clickjacking...
Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center in IBM Cloud (CVE-2019-4285)
Summary There is a clickjacking vulnerability in IBM WebSphere Application Server Liberty Admin Center. Vulnerability Details CVEID: CVE-2019-4285 DESCRIPTION: IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By...
IBM Application Performance Management Clickjacking Vulnerability
IBM Application Performance Management APM is a suite of IT service management software from IBM in the United States. The software is primarily used to monitor and manage cloud, on-premise and hybrid applications, and IT infrastructure. A clickjacking vulnerability exists in IBM APM Base Private...
CVE-2019-1975
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
Hardcoded credentials
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
CVE-2019-1975 Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
CVE-2019-1975
CVE-2019-1975 affects the web-based interface of Cisco HyperFlex Software. The root cause is insufficient HTML iframe protection, enabling a cross-frame scripting (XFS) attack. An unauthenticated, remote attacker could lure a user to a malicious page containing an HTML iframe, potentially resulti...
CVE-2019-1975 Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
LastPass Credential Leak From Previous Site Vulnerability
LastPass suffers from an issue where bypassing dopopupregister leaks credentials from the previous site. lastpass: bypassing dopopupregister leaks credentials from previous site I noticed that you can create a popup without calling dopopupregister by iframing popupfilltab.html i.e. via...
CVE-2019-16371
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...
CVE-2019-16371
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...
Design/Logic Flaw
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...
CVE-2019-16371
CVE-2019-16371 affects LogMeIn LastPass prior to version 4.33.0. The issue arises from a vulnerability where a crafted website can bypass do_popupregister via clickjacking, enabling credential harvesting for accounts on previously visited sites. This is documented across multiple sources (NVD and...
CVE-2019-16371
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...
LastPass Credential Leak From Previous Site
lastpass: bypassing dopopupregister leaks credentials from previous site I noticed that you can create a popup without calling dopopupregister by iframing popupfilltab.html i.e. via moz-extension, ms-browser-extension, chrome-extension, etc. It's a valid webaccessibleresource. Because...