82 matches found
Astra Linux - vulnerability in firefox, thunderbird
Web-accessible extension pages (pages with a moz-extension:// scheme) did not correctly enforce the frame-ancestors directive when it was used in the Web Extension’s Content Security Policy. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...
CVE-2025-62328
HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...
EUVD-2025-208603
HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2025-62328
CVE-2025-62328 affects HCL Nomad server on Domino where the Content-Security-Policy header does not set the frame-ancestors directive by default. This may allow an attacker to obtain sensitive information via unspecified vectors. The CVSS v3.1 base score is 3.7 (LOW) with NETWORK attack vector, H...
CVE-2025-62328 HCL Nomad server on Domino is affected by a missing default frame-ancestors directive
HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...
PT-2026-24860
HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...
HCL Nomad Server security vulnerability
HCL Nomad Server is a server component operated by the Indian company HCL, designed for running enterprise business applications. There is a security vulnerability in HCL Nomad Server on Domino. This vulnerability stems from an improper configuration of the frame-ancestors directive in the...
CVE-2026-24839
CVE-2026-24839 affects Dokploy (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to clickjacking due to missing frame-busting headers, allowing an attacker to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Vers...
CVE-2026-23731
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, the web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing and Content-Security-Policy with...
CVE-2026-23731 WeGIA Clickjacking Vulnerability
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, the web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing and Content-Security-Policy with...
CVE-2026-23731
CVE-2026-23731 affects the WeGIA web manager for charitable institutions. Prior to version 3.6.2, the application is vulnerable to clickjacking because it does not send framing protections: missing X-Frame-Options and an unconfigured Content-Security-Policy with frame-ancestors. An attacker could...
CVE-2025-65922
PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to phishing attacks. Attackers can frame the legitimate Planka applicati...
Planka security vulnerability
Planka is a Trello-like Kanban board built with React and Redux by Planka Open Source. A security vulnerability exists in Planka version 2.0.0, which stems from the missing X-Frame-Options and CSP frame-ancestors headers and could lead to a phishing attack...