3797 matches found
CVE-2019-9147
Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation mechanisms are disabled webaccessibleresources. Mailvelope implements additional measures to preve...
Design/Logic Flaw
Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation mechanisms are disabled webaccessibleresources. Mailvelope implements additional measures to preve...
CVE-2019-9147
Mailvelope CVE-2019-9147 affects the Mailvelope browser extension before version 3.1.0. The vulnerability is a clickjacking issue on the settings page, which is intended to be embedded by web apps. The problem arises because the browser extension isolation mechanisms are disabled via web_accessib...
CVE-2019-9147
Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation mechanisms are disabled webaccessibleresources. Mailvelope implements additional measures to preve...
CVE-2019-3794: UAA - Login app subject to clickjacking attack | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. UAA Release OSS is vulnerable prior to v73.4.0 Description Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various...
17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device
Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer. Barak Tawily, an...
BCN Quark Quarking Password Manager Clickjacking Vulnerability
BCN Quark Quarking Password Manager is a password management tool. A clickjacking vulnerability exists in BCN Quark Quarking Password Manager version 3.1.84. The vulnerability arises from a network system or product that does not properly validate incoming data. An attacker could exploit this...
CVE-2019-12880
BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing within webaccessibleresources. An attacker can take advantage of this vulnerability and cause significant harm...
CVE-2019-12880
BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing within webaccessibleresources. An attacker can take advantage of this vulnerability and cause significant harm...
Design/Logic Flaw
BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing within webaccessibleresources. An attacker can take advantage of this vulnerability and cause significant harm...
CVE-2019-12880
BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing within webaccessibleresources. An attacker can take advantage of this vulnerability and cause significant harm...
CVE-2019-12880
CVE-2019-12880 affects BCN Quark Quarking Password Manager (v3.1.84). The issue is a clickjacking vulnerability caused by allowing a wildcard (*) in web_accessible_resources, enabling a malicious page to load the password manager UI in a framed context. This could allow attackers to trick users i...
New Relic: Site-wide clickjacking at IE11
Hey team, I have discovered that the protection you use for clickjacking preventing is a CSP with frame-ancestors directive. But IE11 doesn't support this directive so you customers using this browser can be attacked. The market share of IE11 is about 2.5% now and it's higher than, for example,...
SAP NetWeaver Process Integration Clickjacking Vulnerability
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. A clickjacking vulnerability...
CVE-2019-0305
Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
Spoofing
Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
CVE-2019-0305
Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
CVE-2019-0305
The CVE-2019-0305 entry describes a Clickjacking vulnerability in SAP NetWeaver Process Integration JSPs (SAP_XIESR and SAP_XITOOL versions 7.10–7.11, 7.20, 7.30, 7.31, 7.40, 7.50) where frame UI restrictions are insufficient or incorrect, allowing UI elements from other domains to be overlaid. T...
CVE-2019-0305
Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
CVE-2019-5243
There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability...