CVE-2016-9000

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct...

CVE-2016-9000

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct...

Cross site scripting

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct...

CVE-2016-9000

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct...

CVE-2016-9000

IBM InfoSphere DataStage is affected by CVE-2016-9000, a Cross‑Frame Scripting issue caused by insufficient HTML iframe protection. A remote attacker could entice a user to visit a crafted URL to load a page under the attacker’s control, enabling clickjacking or other client‑side browser attacks....

CVE-2016-5984

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to...

CVE-2016-5984

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to...

Cross site scripting

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to...

CVE-2016-5984

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to...

CVE-2016-5984

CVE-2016-5984 affects IBM InfoSphere Information Server and ISF/InfoSphere on Cloud. The vulnerability is a cross-frame scripting issue due to insufficient HTML iframe protection, enabling a remote attacker to use a crafted URL to perform clickjacking or similar client-side browser attacks. Affec...

CVE-2016-9413

The Admin control panel in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVE-2016-9413

The Admin control panel in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

Code injection

The Admin control panel in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVE-2016-9413

The Admin control panel in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors...

CVE-2016-9413

The CVE-2016-9413 entry affects MyBB Admin control panel and MyBB Merge System prior to 1.8.7. The underlying issue is clickjacking via unspecified vectors, enabling remote attackers to perform clickjacking against affected admin interfaces. The vulnerable components are the Admin control panel a...

Pushwoosh: Clickjacking

Steps to reproduce: create index.html file with following content: Open index.html in browser Actual result: Pushwoosh viewed in iframe. Expected result: do not allow clickjacking Root cause: var isInIFrame = function try return window.self !== window.top; catch e return true; ;...

Clickjacking Vulnerability in HP Diagnostics

HP Diagnostics is a suite of end-to-end application management, monitoring, diagnostic analysis and troubleshooting solutions from Hewlett-Packard. A clickjacking vulnerability exists in HP Diagnostics. An attacker could exploit this vulnerability to steal cookie-based authentication credentials...

X (Formerly Twitter): Clickjacking Periscope.tv on Chrome

Hi, The X-FRAME-OPTIONS header returned from https://www.periscope.tv is: X-Frame-Options: ALLOW-FROM https://twitter.com/ But Chrome doesn't support this value for the header: https://www.owasp.org/index.php/ClickjackingDefenseCheatSheet. Because of that, no value for X-FRAME-OPTIONS is set and...

Multiple IBM Product Clickjacking Vulnerabilities

IBM InfoSphere DataStage and InfoSphere Information Server on Cloud are both products of IBM USA. The former is a set of graphical interface to provide data integration solutions ETL data extraction, transformation and loading tools, the latter is a set of cloud-based data integration platform. A...

Yelp: Clickjacking @ Main Domain[www.yelp.com]

Hello Yelp Security Team, I Just want to submit a report Clickjacking on your Main Domain, I Know that this is a Low Risk But may i know if your aware of it. PoC: See Atachments. Impact: For example, imagine an attacker who builds a web site that has a button on it that says "click here for a fre...