3797 matches found
CVE-2018-1432
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking...
Cross site request forgery (csrf)
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking...
CVE-2018-1432
CVE-2018-1432 affects IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7. The issue is cross-frame scripting that allows loading Information Server components inside an HTML iframe on a malicious page, enabling a potential clickjacking/phishing scenario. The provided documents do not sp...
IBM InfoSphere Information Server Cross-Frame Scripting Vulnerability
IBM InfoSphere Information Server is a data integration platform that includes a range of products that enable you to understand, cleanse, monitor, transform, and transfer data, as well as collaborate to bridge the gap between business and IT. A cross-frame scripting vulnerability exists in I...
CVE-2017-1000479
creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/pfsenseclickjacking.rb...
Mail.ru: Clickjacking Vulnerability on https://support.my.com/games/ticket/xxxx/
Hi There, I have found a Clickjacking vulnerability on your site. Steps to reproduce: 1. Go to this site: https://support.my.com 2. Generate a Clickjacking script, save it as .html and run it in your browser. Script: iframe width: 800px; height: 500px; position: absolute; top: 0; left: 0; filter:...
Yelp: CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse.
Please have a look at this interesting article with a precise explanation of the Click-jacking security flaw: https://www.linkedin.com/pulse/20141202104842-120953718-why-am-i-anxious-about-clickjacking/ In the Yelp platform the response headers of the Reservation page do not contain the X-Frame-Option...
Mail.ru: Modifying application settings via clickjacking on o2.mail.ru
It was possible to edit application information or delete application via clickjacking on o2.mail.ru...
Uber: Reflected XSS in https://eng.uberinternal.com and https://coeshift.corp.uber.internal/
The base parameter of /oidauth/prompt on multiple uberinternal.com subdomains was not sanitized before being reflected into the page body, making it vulnerable to reflected XSS. Additionally, these pages were affected by a clickjacking vulnerability that made exploitation easier, since a click wa...
Cisco TelePresence Server Cross-Frame Scripting Vulnerability
Cisco TelePresence Server Software is a set of video conferencing solutions from Cisco (United States of America), known as the "TelePresence" system. The program provides audio, video space and other components that give remote participants a "face-to-face" virtual meeting room effect. web...
CVE-2018-5304
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or...
Input validation
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or...
CVE-2018-5304
The Impinj Speedway Connect R420 RFID Reader web interface is affected by a ClickJacking/UI redress issue in versions prior to 2.2.2. An attacker could load the web interface in an iframe and, by user interaction, trigger redirection to a third-party application or other malicious actions. The ex...
Nextcloud: Click Jacking Nextcloud
Hello Security, Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking contro...
CVE-2018-6112
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
Zomato: Clickjacking: Delete Account, Change privacy settings, Rate business, follow/unfollow (IE)
Inspired by report 337219. Please note that this report includes a clear security impact as well as a proof of concept. CVSS: medium 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L. Description: The application does not send an X-Frame-Options header, thus allowing pages to be...