3800 matches found
PT-2020-12443 · Western Digital · Western Digital My Cloud Home +1
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud Home and ibi devices versions prior to 2.2.0 Description: The issue allows clickjacking on sign-in pages. Recommendations: For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue...
Authorization Bypass
squirrelmail is vulnerable to authorization bypass. The vulnerability exists because SquirrelMail was allowed to be loaded into an HTML sub-frame, allowing a remote attacker to perform a clickjacking attack against logged-in users and possibly gain access to sensitive user data...
Clickjacking
thunderbird is vulnerable to clickjacking. A flaw was found in the way Thunderbird displayed certain web content. A malicious HTML mail message could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are...
CVE-2020-1728
A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...
CVE-2020-1728
A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
Design/Logic Flaw
A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other...
CVE-2020-1728
CVE-2020-1728 affects Red Hat’s Red Hat Single Sign-On / Keycloak projects. The issue is described as security headers missing on REST endpoints for Keycloak, which could ease client-side attacks like clickjacking or other header-reliant abuse. The connected Red Hat advisories explicitly link thi...
CVE-2019-19001
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentia...
Authentication flaw
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentia...
CVE-2019-19001 eSOMS X-FrameOption
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentia...
CVE-2019-19001
ABB eSOMS is affected by CVE-2019-19001 due to the absence of the X-Frame-Options header in HTTP responses for versions 4.0 to 6.0.2. This can enable ClickJacking by framing parts of the application on a malicious site, potentially exposing sensitive user credentials. Root cause: HTTP responses l...
Kubernetes: Clickjacking
Report Submission Form Summary: Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. Description: Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user...
GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-02 Mozilla Firefox: Multiple vulnerabilities. Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user t...
jenkins: REST APIs vulnerable to clickjacking
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...
CVE-2015-5686
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session...
Cross-site request forgery (CSRF)
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session...