CVE-2018-7491

In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors'...

CVE-2011-2892

Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVE-2019-0305

Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...

CVE-2012-2294

EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page...

Alibaba Cloud Linux 3 : 0146: cockpit (ALINUX3-SA-2023:0146)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0146 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3660: Cockpit and its plugins do...

AlmaLinux 9 : firefox (ALSA-2025:2359)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:2359 advisory. firefox: Use-after-free in WebTransportChild CVE-2025-1931 firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process CVE-2025-193...

CVE-2025-43854

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

Security Bulletin: IBM Robotic Process Automation is vulnerable to Clickjacking (CVE-2022-22503)

Summary IBM Robotic Process Automation could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks again...

CVE-2025-43854

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

CVE-2025-43854 DIFY vulnerable to Clickjacking Attack

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

CVE-2025-43854

DIFY (LangGenius Open Source) prior to version 1.3.0 is affected by a clickjacking vulnerability in the default web setup. The issue allows an attacker to trick users into clicking on elements, potentially triggering unauthorized actions and compromising security/privacy. The vulnerability is fix...

CVE-2025-43854 DIFY vulnerable to Clickjacking Attack

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

CVE-2025-43854 DIFY vulnerable to Clickjacking Attack

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

dify 安全漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 1.3.0, which stems from a clickjacking vulnerability in the default settings that could lead to unauthorized operations...

PT-2025-18093 · Dify · Dify

Name of the Vulnerable Software and Affected Versions: DIFY versions prior to 1.3.0 Description: A clickjacking issue was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This...

Clickjacking

tarteaucitronjs is vulnerable to clickjacking. The vulnerability is due to improper validation of user-controlled CSS inputs for element dimensions, allowing attackers to overlay the viewport with malicious elements...

CVE-2025-31138

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...

tarteaucitron.js allows UI manipulation via unrestricted CSS injection

A vulnerability was identified in tarteaucitron.js, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code or a CMS plugin to set values like 100%;height:100%;position:fixed;,...

GHSA-7524-3396-FQV3 tarteaucitron.js allows UI manipulation via unrestricted CSS injection

A vulnerability was identified in tarteaucitron.js, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code or a CMS plugin to set values like 100%;height:100%;position:fixed;,...

CVE-2025-31138

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...