CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2018/04/18 9:21 a.m.•26 views

CVE-2018-6112

Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

4.3CVSS3AI score0.01588EPSS

Hacker One•added 2018/04/15 3:7 p.m.•438 views

Zomato: Clickjacking: Delete Account, Change privacy settings, Rate business, follow/unfollow (IE)

Inspired by report 337219. Please note that this report includes a clear security impact as well as a proof of concept. CVSS ---- medium 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Description ----------- The application does not send a X-Frame-Options header, thus allowing pages to be...

6.5AI score

Hacker One•added 2018/04/13 12:51 p.m.•54 views

Zomato: URL is vulnerable to clickjacking

The browser has verified the identity: Successfully implemented in IE browser Reproduce steps: URLs do not have X-FRAME-OPTIONS set to DENY or SAMEORIGIN, and they are vulnerable to clickjacking. Run under the browser's code and you will see that the listed links are vulnerable to clickjacking...

1.7AI score

Hacker One•added 2018/03/26 2:44 p.m.•105 views

X (Formerly Twitter): [dev.twitter.com] XSS and Open Redirect Protection Bypass

Description: Hi after I finish reading the report https://hackerone.com/reports/260744.i start to test this subdomain.i fount an interesting url https://dev.twitter.com/web/sign-inhttps://dev.twitter.com/basics/adding-international-support-to-your-apps.this url is special,my intuition tells me th...

6.8AI score

Hacker One•added 2018/03/15 11:6 p.m.•127 views

Uber: Reflected XSS on multiple uberinternal.com domains

The base parameter of /oidauth/prompt on multiple uberinternal.com subdomains was not sanitized before being reflected into the page body, making it vulnerable to reflected XSS. Additionally, these pages were affected by a clickjacking vulnerability that made exploitation easier, since a click wa...

1AI score

NVD•added 2018/03/09 7:29 p.m.•16 views

CVE-2016-0274

IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM for Corporate Payment Services CPS for...

5.4CVSS5.3AI score0.00565EPSS

OSV•added 2018/03/09 7:29 p.m.•4 views

CVE-2016-0274

5.4CVSS5.8AI score0.00565EPSS

Prion•added 2018/03/09 7:29 p.m.•14 views

Code injection

3.5CVSS6.6AI score0.00565EPSS

CVE•added 2018/03/09 7:0 p.m.•39 views

CVE-2016-0274

CVE-2016-0274 affects IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services on Multi-Platform 2.1.1.2 and 3.0.x before fp0013. The issue permits remote clickjacking via a crafted site, enabling an attacker to hijack the user’s clicking actions. IB...

5.4CVSS6.1AI score0.00565EPSS

Cvelist•added 2018/03/09 7:0 p.m.•19 views

CVE-2016-0274

5.3AI score0.00565EPSS

CNVD•added 2018/02/27 12:0 a.m.•5 views

PrestaShop UI-Redressing Clickjacking Vulnerability

PrestaShop is a full-featured, cross-platform, free and open source e-commerce solution designed for web 2.0. A UI-Redressing clickjacking vulnerability exists in PrestaShop version 1.7.2.5 and earlier. The vulnerability occurs because the generateHtaccess function in classes/Tools.php sets neith...

7.5CVSS6.8AI score0.01119EPSS

Exploits0References1

Prion•added 2018/02/26 5:29 p.m.•16 views

Spoofing

In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors'...

5CVSS7.5AI score0.01119EPSS

NVD•added 2018/02/26 5:29 p.m.•20 views

CVE-2018-7491

7.5CVSS7.5AI score0.01119EPSS

OSV•added 2018/02/26 5:29 p.m.•20 views

CVE-2018-7491

7.5CVSS7AI score

CVE•added 2018/02/26 5:0 p.m.•47 views

CVE-2018-7491

PrestaShop

7.5CVSS7.4AI score0.01119EPSS

Cvelist•added 2018/02/26 5:0 p.m.•25 views

CVE-2018-7491

7.5AI score0.01119EPSS

CNVD•added 2018/02/26 12:0 a.m.•3 views

HPE Matrix Operating Environment Software and Systems Insight Manager Software Clickjacking Vulnerability (CNVD-2018-05096)

HPE Matrix Operating Environment Software and Systems Insight Manager SIM Software are both products of Hewlett Packard Enterprise HPE, U.S. HPE Matrix Operating Environment Software is a set of cloud management software designed for infrastructure services. HPE Matrix Operating Environment...

5.3CVSS6.8AI score0.01497EPSS

Exploits0References1

CNVD•added 2018/02/26 12:0 a.m.•3 views

HPE Matrix Operating Environment Software and Systems Insight Manager Software Clickjacking Vulnerability

6.5CVSS6.8AI score0.01599EPSS

Exploits0References1

Hacker One•added 2018/02/21 5:57 p.m.•56 views

Semrush: clickjacking to Semrush auth login

Description: Clickjacking User Interface redress attack, UI redress attack, UI redressing is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on. this attack could be perform to semrush auth user because its direct...

6.5AI score