3797 matches found
CVE-2016-1474
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different...
Cross site scripting
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different...
CVE-2016-1474
CVE-2016-1474 affects Cisco Prime Infrastructure 2.2(2). The vulnerability is a cross-frame scripting (XFS) issue caused by insufficient iframe protections, enabling an unauthenticated, remote attacker to perform clickjacking and related client-side attacks via a crafted page. The issue is docume...
OrientDB Server < 2.0.15, 2.1.x < 2.1.1 Clickjacking Vulnerability
OrientDB server is prone to a clickjacking vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:orientdb:orientdb";...
Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to a...
SUSE-SU-2016:1946-1 Security update for hawk2
This update for hawk2 fixes one security issue and one bug. The following security change is included: - To prevent Clickjacking attacks, set Content-Security-Policy to frame-ancestors 'self' bsc984619 The following non-security issue was fixed: - In the Wizards UI, prevent text display issues du...
X (Formerly Twitter): Stealing User emails by clickjacking cards.twitter.com/xxx/xxx
Hello In twitter you can create cards to generate leads. For example: https://twitter.com/i/cards/tfw/v1/759046372544741376?cardname=promotion&autoplaydisabled=true&earned=true&lang=en&cardheight=357 If you visit the above URL and click the button your email and username is sent to my domain. Sin...
Unspecified Vulnerability in F-Secure SAFE for Mac
F-Secure SAFE for Mac is a suite of antivirus software for Mac from the Finnish company F-Secure. A security vulnerability exists in F-Secure SAFE for Mac versions 15.0 through 16.1. An attacker can exploit the vulnerability to send bank security notices on non-banking websites, bypass browser...
CVE-2016-0357
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site...
Design/Logic Flaw
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site...
CVE-2016-0357
CVE-2016-0357 affects IBM Security Identity Manager Virtual Appliance 7.0.0.0–7.0.1.1 (before FP0003). A remote attacker can hijack the user’s clicking action via a crafted website (clickjacking). The advisory lists remediation by upgrading to IBM Security Identity Manager (ISIM) Virtual Applianc...
NetApp Snap Creator Framework Clickjacking Vulnerability
NetApp Snap Creator Framework is the United States NetApp company's set of integrated NetApp functionality plug-ins and popular third-party applications framework. A clickjacking vulnerability exists in NetApp Snap Creator Framework version 4.3P1, which can be exploited by an attacker to compromi...
activemq: Clickjacking in Web Console
It was reported that the web based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console...
CVE-2016-0314
The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors...
Code injection
The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacking attacks via unspecified vectors...