3800 matches found

Veracode
added 2023/10/20 9:03 a.m. · 25 views

Clickjacking

home-assistant is vulnerable to Clickjacking attacks. The server doesn't set the X-Frame-Options HTTP security headers. The omission of this header facilitates clickjacking attacks which could also lead to RCE...

CVSS 9.6 · AI score 6.8 · EPSS 0.0095
Exploits 0 · References 4 · Affected software 2
NVD
added 2023/10/19 11:15 p.m. · 17 views

CVE-2023-41897

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...

CVSS 9.6 · AI score 9.4 · EPSS 0.0095
Exploits 0 · References 3
Prion
added 2023/10/19 11:15 p.m. · 11 views

Remote code execution

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...

CVSS 6.8 · AI score 9.4 · EPSS 0.0095
Exploits 0 · References 3 · Affected software 1
Vulnrichment
added 2023/10/19 10:23 p.m. · 12 views

CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...

CVSS 8.8 · AI score 7.4 · EPSS 0.0095
Exploits 0 · References 3
CVE
added 2023/10/19 10:23 p.m. · 43 views

CVE-2023-41897

CVE-2023-41897 affects Home Assistant Core. The issue is the absence of HTTP security headers, notably the X-Frame-Options header, which enables clickjacking and creates potential paths for other exploit opportunities within the Home Assistant web interface. Documents consistently describe the ri...

CVSS 9.6 · AI score 9.3 · EPSS 0.0095
Exploits 0 · References 3 · Affected software 1
Cvelist
added 2023/10/19 10:23 p.m. · 21 views

CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...

CVSS 8.8 · AI score 9.8 · EPSS 0.0095
Exploits 0 · References 3
OSV
added 2023/10/19 10:23 p.m. · 28 views

CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...

CVSS 8.8 · AI score 9.2 · EPSS 0.0095
Exploits 0 · References 5
Positive Technologies
added 2023/10/19 12:00 a.m. · 4 views

PT-2023-28153

Name of the Vulnerable Software and Affected Versions: Home Assistant versions prior to 2023.9.0. Description: The issue concerns the omission of HTTP security headers, including the X-Frame-Options header, in Home Assistant server. This omission facilitates covert clickjacking attacks and other...

CVSS 9.6 · AI score 9.4 · EPSS 0.0095
Exploits 0 · References 9
CNNVD
added 2023/10/19 12:00 a.m. · 4 views

Home Assistant Data Falsification Issue Vulnerability

Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home assistant versions prior to 2023.9.0, which stems from Home assistant not setting the HTTP security header. An attacker can...

CVSS 9 · AI score 6.7 · EPSS 0.00271
Exploits 0 · References 3
Atlassian
added 2023/10/02 3:11 p.m. · 19 views

UI Redressing (Clickjacking) with SSO Plugin for Data Center

Problem: Related to CONFSERVER-29230. When we enable the SAML login on General Configuration - Authentication, the Confluence login page shows inside an iframe. When disabled, it doesn't show, as expected with Clickjacking disabled by default. In the gif attached, replicated the error on our...

AI score 7.2
Exploits 0 · Affected software 1
Github Security Blog
added 2023/09/28 6:30 a.m. · 16 views

Economizzer vulnerable to Clickjacking

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

CVSS 6.5 · AI score 6.9 · EPSS 0.00634
Exploits 1 · References 6 · Affected software 1
OSV
added 2023/09/28 6:30 a.m. · 20 views

GHSA-GC95-5MMP-MP6J Economizzer vulnerable to Clickjacking

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

CVSS 6.5 · AI score 6.3 · EPSS 0.00634
Exploits 1 · References 5
ATTACKERKB
added 2023/09/28 4:15 a.m. · 4 views

CVE-2023-38873

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

CVSS 6.5 · AI score 5.8 · EPSS 0.00634
Exploits 1 · References 4
NVD
added 2023/09/28 4:15 a.m. · 30 views

CVE-2023-38873

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

CVSS 6.5 · AI score 6.5 · EPSS 0.00634
Exploits 1 · References 3
OSV
added 2023/09/28 4:15 a.m. · 22 views

CVE-2023-38873

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

CVSS 6.5 · AI score 7 · EPSS 0.00634
Exploits 1 · References 3
Prion
added 2023/09/28 4:15 a.m. · 15 views

Design/Logic Flaw

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

CVSS 4.3 · AI score 6.4 · EPSS 0.00634
Exploits 1 · References 3 · Affected software 1
CVE
added 2023/09/28 12:00 a.m. · 112 views

CVE-2023-38873

The CVE-2023-38873 entry corresponds to a Clickjacking vulnerability in Economizzer v0.9-beta1 (and related commits). Multiple connected sources corroborate that the issue involves UI redressing where an attacker tricks a user into interacting with a page they did not intend, by overlaying transp...

CVSS 6.5 · AI score 6.4 · EPSS 0.00634
Exploits 1 · References 3 · Affected software 1
CNNVD
added 2023/09/28 12:00 a.m. · 4 views

Economizzer Security Vulnerabilities

Economizzer is a simple and open source personal finance management system using PHP Yii Framework 2 by Gustavo G. Andrade, an individual developer. A security vulnerability exists in Economizzer v.0.9-beta1, which is vulnerable to clickjacking attacks...

CVSS 6.5 · AI score 6.8 · EPSS 0.00634
Exploits 1 · References 4
Cvelist
added 2023/09/28 12:00 a.m. · 38 views

CVE-2023-38873

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

AI score 6.6 · EPSS 0.00634
Exploits 1 · References 3
Vulnrichment
added 2023/09/28 12:00 a.m. · 11 views

CVE-2023-38873

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

AI score 6.8 · EPSS 0.00634
Exploits 1 · References 3