CVE-2025-6983
CVE-2025-6983 affects TP-Link Archer C1200 web management, with a clickjacking flaw in versions 1.1.5 and earlier. An attacker could trick a logged-in user into performing unintended actions via layered UI/frames. No exploitation details are provided in the initial and connected documents, but mu...
CVE-2025-6983 Clickjacking vulnerability on the management web application of TP-LINK Archer C1200
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames. This issue affects Archer C1200 = 1.1.5...
TP-LINK Archer C1200 Security Vulnerability
TP-LINK Archer C1200 is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK Archer C1200 version 1.1.5 and earlier, which stems from a clickjacking risk that could cause users to perform unintended actions...
PT-2025-29878 · TP-Link · Archer C1200
Name of the Vulnerable Software and Affected Versions: TP-Link Archer C1200 versions prior to 1.1.6 Description: A clickjacking issue exists in the web management page of the TP-Link Archer C1200. This allows an attacker to deceive users into performing actions they did not intend through the...
CVE-2025-27455
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...
CVE-2025-27455
CVE-2025-27455 is linked to a clickjacking vulnerability in the Endress+Hauser MEAC300-FNADE4 web interface (end-user frame embedding allowed). Connected sources confirm the affected product and vulnerability class but do not provide a confirmed patch/version fix; one PT-SEC source notes no available...
CVE-2025-53096
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...
PT-2025-27784 · Endress+Hauser · Endress+Hauser MEAC300-FNADE4
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The web application is susceptible to clickjacking attacks, where it can be embedded into another frame. This allows an attacker to deceive a user into clicking on something different from...
CVE-2025-53096
Summary: CVE-2025-53096 affects Sunshine, a self-hosted game stream host for Moonlight. The issue is a lack of Clickjacking protection in Sunshine’s web UI prior to version 2025.628.4510, allowing an attacker to embed the UI in a malicious page via an invisible or disguised iframe. If a user, whi...
CVE-2025-53096 Sunshine clickjacking in the UI leads to unauthorized actions being performed
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...
CVE-2025-36027 IBM Datacap clickjacking
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against...
CVE-2024-39730 IBM Datacap clickjacking
IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attack...
CVE-2025-6434 HTTPS-Only exception screen lacked anti-clickjacking delay
The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140 and Thunderbird 1...
SAP Commerce Information Disclosure Vulnerability
SAP Commerce is a cloud-based e-commerce solution developed by SAP. An information disclosure vulnerability exists in SAP Commerce, which stems from the use of the deprecated X-FRAME-OPTIONS header to prevent clickjacking, and can be exploited by an attacker to disclose and tamper with sensitive...
RHEL 8 : firefox (RHSA-2025:9155)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:9155 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx:...