3800 matches found
CVE-2022-4105
CVE-2022-4105 refers to a stored XSS in Kiwi TCMS’s kiwi Test Plan. The vulnerability allows attacker-supplied JavaScript to execute in the context of the application, potentially enabling a chained HTML injection that can perform a UI redressing attack (clickjacking) and an HTML injection that d...
PT-2022-25655 · Unknown · Kiwi Test Plan
Name of the Vulnerable Software and Affected Versions: kiwi Test Plan affected versions not specified Description: A stored XSS in a kiwi Test Plan can run malicious JavaScript, potentially chained with an HTML injection to perform a UI redressing attack, also known as clickjacking, and an HTML...
CVE-2022-34318 IBM CICS TX clickjacking
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM...
Clickjacking
github.com/hashicorp/boundary is vulnerable to clickjacking. An attacker can redirect the user to malicious sites by intercepting login credentials, causing malicious actions on the site...
Hashicorp Boundary vulnerable to clickjacking
Hashicorp Boundary is vulnerable to Clickjacking, which allows for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site...
GHSA-XQV2-3VVQ-QG6R Hashicorp Boundary vulnerable to clickjacking
Hashicorp Boundary is vulnerable to Clickjacking, which allows for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site...
CVE-2022-36182
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking, which allows for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site...
Design/Logic Flaw
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking, which allows for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site...
PT-2022-23248 · Hashicorp · Hashicorp Boundary
Name of the Vulnerable Software and Affected Versions: Hashicorp Boundary version 0.8.0 Description: The issue allows for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site due to Clickjacking. Recommendations...
CVE-2022-36182
CVE-2022-36182 concerns Hashicorp Boundary v0.8.0 vulnerable to Clickjacking. The core issue is a framing-based attack that can intercept login credentials, redirect users to malicious sites, or enable users to perform unintended actions on the site. Reported data indicate the affected software, ...
Security Bulletin: A clickjacking vulnerability in WebSphere Application Server Liberty affects IBM InfoSphere Information Server
Summary A clickjacking vulnerability in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-39038 DESCRIPTION: IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Directory Server
Summary IBM WebSphere Application Server is shipped with IBM Security Directory Server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
IBM Robotic Process Automation Clickjacking Vulnerability
IBM Robotic Process Automation is a robotic process automation product from IBM U.S.A. A clickjacking vulnerability exists in IBM Robotic Process Automation, which can be exploited by remote attackers to submit special URL requests that can be parsed by users to obtain sensitive information or...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary There are multiple vulnerabilities in the swagger-ui library used by Liberty for Java for IBM Cloud with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to Clickjacking (CVE-2021-39038)
Summary Liberty for Java for IBM Cloud is vulnerable to clickjacking through IBM WebSphere Application Server Liberty features mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, apiDiscovery-1.0, openapi-3.0 or openapi-3.1. This has been addressed. Vulnerability Details CVEID:CVE-2021-39038 DESCRIPTION...
IBM Robotic Process Automation Security Vulnerability
IBM Robotic Process Automation is a robotic process automation product from IBM U.S.A. A clickjacking vulnerability exists in IBM Robotic Process Automation, which can be exploited by remote attackers to submit special URL requests that can be parsed by users to obtain sensitive information or...