3800 matches found
keycloak: security headers missing on REST endpoints
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
Product update: Virtuozzo PowerPanel RTM Hotfix 8 (7.0.3-151)
The update for Virtuozzo PowerPanel introduces a security fix, a new feature, and stability and usability fixes. Vulnerability id: PP-568 PowerPanel web interface could be vulnerable to clickjacking...
CVE-2020-13174
The web server in the Teradici Management console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking...
Design/Logic Flaw
The web server in the Teradici Management console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking...
CVE-2020-13174
The CVE-2020-13174 entry affects the Teradici Management Console, specifically the web server in versions 20.04 and 20.01.1. The root cause is that the X-Frame-Options HTTP header was not properly set, enabling clickjacking or UI redress attacks by tricking users into clicking malicious links. Co...
PT-2020-13373 · Teradici · Teradici Management Console
Name of the Vulnerable Software and Affected Versions: Teradici Management console versions 20.04 and 20.01.1 Description: The web server in the Teradici Management console did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a maliciou...
Automattic: [api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS
Hello, I have found a clickjacking vulnerability in https://api.tumblr.com/console/ and a self DOM-based XSS in https://api.tumblr.com/console/calls/user/follow/unfollow. An attacker can exploit the clickjacking to trigger the self DOM-based XSS. Vulnerable URL to clickjacking:...
Acronis: ClickJacking
I have found the vulnerability called Clickjacking. Please find the details below: Description Clickjacking is an exploit in which malicious coding is hidden beneath apparently legitimate buttons or other clickable content on a website. OWASP Benchmark A6- Security Misconfiguration Steps to...
SUSE-RU-2020:2072-1 Security update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow, python-psql2mysql, python-psutil, python-py, python-pysaml2, python-waitress, rabbitmq-server, release-notes-suse-openstack-cloud, zookeeper
This update for ansible, crowbar-core, crowbar-ha, crowbar-openstack, etcd, flannel, grafana, keepalived, kibana, memcached, monasca-installer, openstack-dashboard-theme-SUSE, openstack-manila, openstack-neutron-fwaas, openstack-nova, openstack-tempest, python-Django, python-Pillow,...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Firefox vulnerability (USN-4423-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4423-1 advisory. It was discovered that X-Frame-Options could be bypassed in some circumstances. If a user were tricked into opening a specially crafted...
USN-4423-1: Firefox vulnerability
It was discovered that X-Frame-Options could be bypassed in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct clickjacking attacks...
USN-4423-1 firefox vulnerability
It was discovered that X-Frame-Options could be bypassed in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct clickjacking attacks...
PT-2021-9173 · Openshift Container Platform · Kibana
Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform's distribution of Kibana affected versions not specified Description: A flaw in OpenShift Container Platform's distribution of Kibana allows it to be opened in an iframe, enabling an attacker to intercept and...
WordPress: Clickjacking on donation page
Description: Vulnerable URL: https://wordpressfoundation.org/donate/ Clickjacking on the vulnerable URL allows an attacker to redirect a victim to do a donation at an attacker's page. Steps To Reproduce: 1 To test whether the page is vulnerable to clickjacking or not use this code i Frame THIS PA...
Mail.ru: Clickjacking Vulnerability via https://webagent.mail.ru leading to protection bypass for https://web.icq.com/ end point
Clickjacking protection bypass on web.icq.com via webagent.mail.ru...
CVE-2019-4323
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."...
Spoofing
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."...