3800 matches found
Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper
Summary The “Steam Inventory Helper” Chrome extension version 1.13.6 suffered from both a DOM-based Cross-site Scripting XSS and a clickjacking vulnerability. By combining these vulnerabilities it is possible to gain JavaScript code execution in the highly-privileged context of the extension's...
Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper
Summary The “Steam Inventory Helper” Chrome extension version 1.13.6 suffered from both a DOM-based Cross-site Scripting XSS and a clickjacking vulnerability. By combining these vulnerabilities it is possible to gain JavaScript code execution in the highly-privileged context of the extension’s...
Update Google Chrome Immediately to Patch a High Severity Vulnerability
You must update your Google Chrome now. Security researcher Michał Bentkowski discovered and reported a high severity vulnerability in Google Chrome in late May, affecting the web browsing software for all major operating systems including Windows, Mac, and Linux. Without revealing any technical...
CVE-2018-1432
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking...
Cross site request forgery (csrf)
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking...
CVE-2018-1432
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking...
CVE-2018-1432
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking...
CVE-2018-1432
CVE-2018-1432 affects IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7. The issue is cross-frame scripting that allows loading Information Server components inside an HTML iframe on a malicious page, enabling a potential clickjacking/ phishing scenario. The provided documents do not sp...
IBM InfoSphere Information Server Cross-Frame Scripting Vulnerability
IBM InfoSphere Information Server is a data integration platform that includes a range of products that enable you to understand, cleanse, monitor, transform, and transfer data, as well as collaborate to bridge the gap between business and IT. A cross-framework scripting vulnerability exists in I...
CVE-2017-1000479
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/pfsenseclickjacking.rb...
Mail.ru: Clickjacking Vulnerability on https://support.my.com/games/ticket/xxxx/
Hi There, I have found a Clickjacking vulnerability on your site. Steps to reproduce: 1.Go to https://support.my.com this site 2.Generate a Clickjacking script, save it as .html and run into your browser Script: iframe width: 800px; height: 500px; position: absolute; top: 0; left: 0; filter:...
Yelp: CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse.
Please have a look at this interesting article with precise explanation about Click-jacking security flaw: https://www.linkedin.com/pulse/20141202104842-120953718-why-am-i-anxious-about-clickjacking/ In Yelp platform the response headers of the Reservation page does not contain the X-Frame-Option...
Mail.ru: Modifying application settings via clickjacking on o2.mail.ru
It was possible to edit application information or delete application via clickjacking on o2.mail.ru...
Uber: Reflected XSS in https://eng.uberinternal.com and https://coeshift.corp.uber.internal/
The base parameter of /oidauth/prompt on multiple uberinternal.com subdomains was not sanitized before being reflected into the page body, making it vulnerable to reflected XSS. Additionally, these pages were affected by a clickjacking vulnerability that made exploitation easier, since a click wa...
Cisco TelePresence Server Cross-Frame Scripting Vulnerability
Cisco TelePresence Server Software is the United States of America Cisco Cisco is a set of video conferencing solutions known as "TelePresence" system. The program provides audio, video space and other components for remote participants to provide a "face-to-face" virtual meeting room effect. web...
Input validation
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or...
CVE-2018-5304
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or...
CVE-2018-5304
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or...
CVE-2018-5304
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or...
CVE-2018-5304
The Impinj Speedway Connect R420 RFID Reader web interface is affected by a ClickJacking/UI redress issue in versions prior to 2.2.2. An attacker could load the web interface in an iframe and, by user interaction, trigger redirection to a third-party application or other malicious actions. The ex...