3797 matches found
CVE-2015-1980
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors...
Code injection
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors...
CVE-2015-1980
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors...
CVE-2015-1980
IBM InfoSphere Master Data Management - Collaborative Edition vulnerable to clickjacking on versions 9.1, 10.1, 11.0, 11.3, 11.4 prior to FP03. Exploitation could allow remote authenticated users to hijack the victim’s click actions via crafted HTTP requests or malicious sites. Affected versions ...
Cross site scripting
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame...
CVE-2015-4266
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame...
CVE-2015-4266
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame...
CVE-2015-4266
CVE-2015-4266 affects Cisco Identity Services Engine (ISE) web interface: ISE 1.1(4.1), 1.3(106.146), and 1.3(120.135) are vulnerable due to insufficient iframe protection, enabling cross-frame scripting (XFS)/clickjacking via a crafted site. Impact is remote, unauthenticated browser attacks (cli...
CollabNet Subversion Edge missing clickjacking protection
Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement clickjacking protection Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Clickjacking Risk: Medium Status:...
Multiple Blue Coat Systems SSL Visibility Appliance Products Incorrectly Enter Authentication Vulnerabilities
Blue Coat Systems SSL Visibility Appliance SV800 and others are products of Blue Coat Systems, U.S.A. The Blue Coat SSL Visibility Appliance SV800 is a management platform that provides complete visibility into encrypted traffic. The appliance offers features such as a dedicated encrypted traffic...
Coinbase: OAuth authorization page vulnerable to clickjacking
Due to a misconfiguration, the 'authorize' button on the OAuth authorization page was vulnerable to clickjacking. The bug was fixed by ensuring our OAuth-related responses included the same security headers including X-Frame-Options as the rest of the site...
McAfee Agent 4.6.x < 4.8.0.1938 / 5.0.x < 5.0.1 Log View Clickjacking (SB10094)
According to its self-reported version, the McAfee Agent (MA) running on the remote host is 4.6.x prior to 4.8.0.1938 or 5.0.x prior to 5.0.1. It is, therefore, affected by a clickjacking vulnerability in the log viewing feature due to improper validation of user-supplied input. A remote attacker c...
McAfee Managed Agent 4.6.x < 4.8.0.1938 / 5.0.x < 5.0.1 Log View Clickjacking (SB10094) (credentialed check)
According to its self-reported version number, the remote host has a version of McAfee Agent (MA) installed that is 4.6.x prior to 4.8.0.1938 or 5.0.x prior to 5.0.1. It is, therefore, affected by a clickjacking vulnerability in the log viewing feature due to improper validation of user-supplied...
CVE-2015-2854
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element...
Design/Logic Flaw
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element...
CVE-2015-2854
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element...
CVE-2015-2854
The CVE-2015-2854 entry concerns Blue Coat SSL Visibility Appliance WebUI (SV800, SV1800, SV2800, SV3800) versions 3.6.x–3.8.3. The root cause is improper X-Frame-Options handling in the WebUI, failing to enforce same-origin policy and enabling clickjacking via crafted IFRAMEs. Impact is remote, ...
Legal Robot: Missing security headers, possible clickjacking
Security researcher discovered missing headers, including x-frame-options and content-security-policy...
SA96 : SSL Visibility Appliance Web-based Vulnerabilities
SUMMARY The SSL Visibility Appliance is susceptible to multiple web-based vulnerabilities in the administration console. The console is accessible only through the dedicated administration port. A remote attacker can use these vulnerabilities to obtain administrative access to the SSL Visibility...
Juniper Networks Junos OS J-Web Clickjacking Vulnerability
Junos OS is prone to Clickjacking vulnerability on J-Web. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if...