PT-2022-20882 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.1 Description: The issue is related to improper restriction of rendered UI layers or frames, allowing attackers to perform clickjacking attacks. This can trick victims into performing actions such as entering...
User Account Deletion and more via Clickjacking
Description As nakama console is not restricted from being loaded in an iframe, clickjacking attack is possible. Proof of Concept 1. Login to nakama console. 2. Save the following as an .html file and open it in the browser to see that the page loads into an iframe. html :"...
GHSA-W3F5-GQ7J-M797 Jenkins Vulnerable to Clickjacking
Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
CVE-2021-27773
This vulnerability allows users to execute a clickjacking attack in the meeting's chat...
Design/Logic Flaw
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack...
PT-2022-11454 · Smartbear · Codecollaborator
Name of the Vulnerable Software and Affected Versions: SmartBear CodeCollaborator version 6.1.6102 Description: The issue allows an attacker to conduct a clickjacking attack through the web UI. Recommendations: For version 6.1.6102, update to a newer version that contains a fix for this issue...
Code injection
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability...
CVE-2021-43048 TIBCO PartnerExpress Click-Jacking vulnerability
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability...
CVE-2021-35237
A missing HTTP header X-Frame-Options in Kiwi Syslog Server has left customers vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server...
CVE-2021-38472
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform...
in fisharebest/webtrees
Description In fix commit https://github.com/fisharebest/webtrees/commit/fc904122e0c1b55f274bc4c8cd883c266176e34e, the fix was to set CSP to script-src in HTML files to none. Webtrees by default has X-Frame-Options headers to prevent clickjacking, but since X-Frame-Options: SAMEORIGIN, it is...
in netdisco/netdisco
Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: Clickjack test page; save the script as clickjacking.html and the page will render in iframes; the link below shows...
in kcal-app/kcal
Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: Clickjack test page; save the script as clickjacking.html and the page will render in iframes...
in opensourcepos/opensourcepos
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept Image: https://i.ibb.co/cbtVcb1/clickjack.png 💥 Impact According to PortSwigger references, it is...
in zoujingli/thinkadmin
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
in livehelperchat/livehelperchat
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
in erikdubbelboer/phpredisadmin
✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. 🕵️♂️ Proof of Concept 💥 Impact According to PortSwigger references, it is possible for a page controlled by an attacker...
PT-2021-21605 · Ledgersmb +2 · Ledgersmb +2
Name of the Vulnerable Software and Affected Versions: LedgerSMB affected versions not specified Description: The issue allows an attacker to trick a targeted user into executing unintended actions through 'clickjacking', as LedgerSMB does not sufficiently guard against being wrapped by other...
Input validation
A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...
Gurock Software Gurock TestRail Security Vulnerability
Gurock Software Gurock TestRail is a web-based test case management software for QA and development teams from Gurock Software. The software supports the creation of test cases, management of test suites, and coordination of the testing process. A security vulnerability exists in Gurock TestRail...