CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Hacker One•added 2019/07/10 5:57 p.m.•18 views

Khan Academy: Khan Academy ClickJacking to Steal Users's Credintials

DESCRIPTION 1. It ask to login to https://alerta.khanacademy.org with google account. 2. It doesn't give access to any normal user. 3. That's why after trying to login with GOOGLE account it shows a error message prompt with user's sensitive information including email, code/access token and clie...

0.9AI score

NVD•added 2019/07/09 9:15 p.m.•13 views

CVE-2019-9147

Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation mechanisms are disabled webaccessibleresources. Mailvelope implements additional measures to preve...

4.3CVSS4.5AI score0.01441EPSS

OSV•added 2019/07/09 9:15 p.m.•13 views

CVE-2019-9147

4.3CVSS6.7AI score

Prion•added 2019/07/09 9:15 p.m.•13 views

Design/Logic Flaw

4.3CVSS4.6AI score0.01441EPSS

Cvelist•added 2019/07/09 8:20 p.m.•18 views

CVE-2019-9147

4.6AI score0.01441EPSS

CVE•added 2019/07/09 8:20 p.m.•107 views

CVE-2019-9147

Mailvelope CVE-2019-9147 affects the Mailvelope browser extension before version 3.1.0. The vulnerability is a clickjacking issue on the settings page, which is intended to be embedded by web apps. The problem arises because the browser extension isolation mechanisms are disabled via web_accessib...

4.3CVSS4.5AI score0.01441EPSS

Cloud Foundry•added 2019/07/09 12:0 a.m.•32 views

CVE-2019-3794: UAA - Login app subject to clickjacking attack | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. UAA Release OSS is vulnerable prior to v73.4.0 Description Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various...

6.5CVSS5.7AI score0.01074EPSS

The Hacker News•added 2019/07/03 3:39 p.m.•120 views

17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device

Except for phishing and scams, downloading an HTML attachment and opening it locally on your browser was never considered as a severe threat until a security researcher today demonstrated a technique that could allow attackers to steal files stored on a victim's computer. Barak Tawily, an...

6.9AI score

CNVD•added 2019/06/28 12:0 a.m.•1 views

BCN Quark Quarking Password Manager Clickjacking Vulnerability

BCN Quark Quarking Password Manager is a password management tool. A clickjacking vulnerability exists in BCN Quark Quarking Password Manager version 3.1.84. The vulnerability arises from a network system or product that does not properly validate incoming data. An attacker could exploit this...

4.3CVSS6.9AI score0.0142EPSS

Exploits0References1

OSV•added 2019/06/24 7:15 p.m.•2 views

CVE-2019-12880

BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing within webaccessibleresources. An attacker can take advantage of this vulnerability and cause significant harm...

4.3CVSS5.8AI score0.0142EPSS

NVD•added 2019/06/24 7:15 p.m.•14 views

CVE-2019-12880

4.3CVSS4.6AI score0.0142EPSS

Prion•added 2019/06/24 7:15 p.m.•9 views

Design/Logic Flaw

4.3CVSS4.7AI score0.0142EPSS

CVE•added 2019/06/24 6:39 p.m.•54 views

CVE-2019-12880

CVE-2019-12880 affects BCN Quark Quarking Password Manager (v3.1.84). The issue is a clickjacking vulnerability caused by allowing a wildcard (*) in web_accessible_resources, enabling a malicious page to load the password manager UI in a framed context. This could allow attackers to trick users i...

4.3CVSS4.6AI score0.0142EPSS

Cvelist•added 2019/06/24 6:39 p.m.•25 views

CVE-2019-12880

4.7AI score0.0142EPSS

Hacker One•added 2019/06/14 4:39 p.m.•13 views

New Relic: Site-wide clickjacking at IE11

Hey team, I have discovered that the protection you use for clickjacking preventing is a CSP with frame-ancestors directive. But IE11 doesn't support this directive so you customers using this browser can be attacked. The market share of IE11 is about 2.5% now and it's higher than, for example,...

1.5AI score