CVE-2022-40268

Summary (mode C): CVE-2022-40268 describes an improper restriction of rendered UI layers or frames (clickjacking) affecting Mitsubishi Electric GOT2000 Series products: GT27 (versions 01.14.000–01.47.000), GT25 (01.14.000–01.47.000), and GT SoftGOT2000 (1.265B–1.285X). Root cause: UI rendering re...

Mitsubishi Electric GOT2000和GT SoftGOT2000 安全漏洞

Mitsubishi Electric GOT2000 and Mitsubishi Electric GT SoftGOT2000 are both products of Mitsubishi Electric Japan.Mitsubishi Electric GOT2000 is a GOT2000 series Mitsubishi Electric GT SoftGOT2000 is an HMI software that runs on PCs and computers. It can monitor and operate the information of FA...

Mitsubishi Electric GOT2000 Series and GT SoftGOT2000

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: GOT Mobile Function on GOT2000 Series and GT SoftGOT2000 Vulnerabilities: Authentication Bypass by Spoofing, Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION...

CVE-2023-23126

Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...

CVE-2023-23126

Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...

CVE-2023-23126

Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...

Code injection

DISPUTED Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...

ConnectWise Automate 安全漏洞

ConnectWise Automate is a cloud-based, local IT automation solution from ConnectWise USA. The product supports content management, file sharing, IT asset tracking and management, and more. A security vulnerability exists in ConnectWise Automate version 2022.11 that stems from vulnerability to...

PT-2023-18847 · Connectwise · Connectwise Automate

Name of the Vulnerable Software and Affected Versions: Connectwise Automate version 2022.11 Description: The issue allows the login screen to be iframed, potentially manipulating users into performing unintended actions. The vendor claims that a Content-Security-Policy HTTP response header is...

CVE-2023-23126

Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...

CVE-2023-23126

ConnectWise Automate 2022.11 is affected by a clickjacking vulnerability where the login screen can be framed to entice users into unintended actions. The vendor claims a Content-Security-Policy header blocks this attack. Multiple sources (NVD, Red Hat, CVE listings) confirm the issue; no explici...

CVE-2023-23126

Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...

Improper Restriction of Rendered UI Layers or Frames

Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept http://localhost:8000/admin/ Response headers http HTTP/1.1 200 OK Server: gunicorn Date: Tue, 24 Jan 202...

Clickjacking

pyload-ng is vulnerable to clickjacking attacks. The vulnerability exists due to the lack of frame restrictions in init.py as it does not properly set the response header X-Frame-Options: DENY, which allows an attacker to load the website within a malicious response header...

PT-2023-8312 · Pyload · Pyload

Name of the Vulnerable Software and Affected Versions: pyload versions prior to 0.5.0b3.dev33 Description: The issue is related to improper restriction of rendered UI layers or frames in the pyload software, which can be exploited by a remote attacker to conduct a clickjacking attack. This allows...

Improper Restriction of Rendered UI Layers or Frames

Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept...

Rockwell Automation MicroLogix 1100 and 1400

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: MicroLogix 1100 and 1400 Vulnerabilities: Cross-site Scripting, Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of these...

CVE-2022-46061

AeroCMS v0.0.1 is vulnerable to ClickJacking...

CVE-2022-46061

AeroCMS v0.0.1 is vulnerable to ClickJacking...

Design/Logic Flaw

AeroCMS v0.0.1 is vulnerable to ClickJacking...