Lucene search
K

38 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:12 p.m.6 views

CVE-2020-13174

The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking...

6.1CVSS6.8AI score0.00661EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 a.m.6 views

CVE-2019-19001

For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentia...

6.5CVSS6.7AI score0.01532EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/13 1:51 a.m.4 views

CVE-2025-24874

SAP Commerce Backoffice uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the frame-ancestors CSP directive. Hence,...

6.8CVSS6.7AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2025/02/11 1:15 a.m.3 views

CVE-2025-24874

SAP Commerce Backoffice uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the frame-ancestors CSP directive. Hence,...

6.8CVSS0.00311EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/06/20 5:52 a.m.3 views

Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window

The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...

4.7CVSS7.3AI score0.00654EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2024/06/11 12:40 p.m.20 views

CVE-2024-5691

By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

4.7CVSS6.6AI score0.00654EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/12/08 12:0 a.m.6 views

PT-2022-21400 · Red Hat · Openshift

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue is related to the absence of the X-FRAME-OPTIONS header in response headers, which helps prevent Clickjacking attacks. Without this header, some browsers may interpret the...

4.8CVSS5.1AI score0.00432EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/03/14 6:50 p.m.7 views

CVE-2022-24733 Improper Restriction of Rendered UI Layers or Frames in Sylius

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...

6.1CVSS6AI score0.00871EPSS
Exploits0References4
Prion
Prion
added 2021/05/24 11:15 a.m.17 views

Cross site scripting

In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting XSS, since there is no validation of the .zip file name and filtering of potential abusive characters which zip files can be named to. There is no X-Frame-Options Header set, which makes it more susceptible for...

4.3CVSS5.8AI score0.0081EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/11/01 5:0 p.m.38 views

CVE-2018-6909

CVE-2018-6909 affects Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Application. Root cause: missing X-Frame-Options header. Impact: allows clickjacking by remote attacker via an API page request; CVSSv3 base score 6.5 (NETWORK, LOW toward exploitation, user interactio...

6.5CVSS6.5AI score0.01064EPSS
Exploits1References1Affected Software1
Citrix
Citrix
added 2018/08/03 12:0 a.m.6 views

A sample to set http response header X-Frame-Options by rewrite policy

A sample to set http response header X-Frame-Options by rewrite policy on vpn vserver...

7AI score
Exploits0
OSV
OSV
added 2016/04/07 7:59 p.m.8 views

CVE-2016-0734

The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a 1 FRAME or 2 IFRAME element...

6.1CVSS6.1AI score0.08323EPSS
Exploits0References6
Web Security Log
Web Security Log
added 2014/09/01 5:52 p.m.24 views

Microsoft: Exploiting XSS with clickjacking

Little Insight: Click jacking just hide-the-button-and-follow-the-mouse. also know as UI Redressing its just playing with the UI of the victim application by clicking and mouse event . In this post we'll show UI-Redressing attack and how an attacker may trigger an unexploitable XSS flaw in an...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2014/04/17 6:17 p.m.27 views

Localize: ClickJacking

It allows remote attackers to do some clickjacking which can be used for adding arbitrary tasks . Why? Almost all of your page has missing X-FRAME-OPTIONS header. Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to...

3.9AI score
Exploits0
Atlassian
Atlassian
added 2013/09/19 6:17 a.m.21 views

Implement clickjacking protection on https://answers.atlassian.com/

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46884. panel We received an external security report from Monendra Sahu that https://answers.atlassian.com/ is vulnerable to...

1.1AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/06/27 12:0 a.m.32 views

Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1890-1)

Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking...

10CVSS8.7AI score0.69021EPSS
Exploits11References17
OpenVAS
OpenVAS
added 2012/12/13 12:0 a.m.47 views

SuSE Update for seamonkey openSUSE-SU-2012:0935-1 (seamonkey)

Check for the Version of seamonkey OpenVAS Vulnerability Test $Id: gbsuse201209351.nasl 8249 2017-12-27 06:29:56Z teissa $ SuSE Update for seamonkey openSUSE-SU-2012:0935-1 seamonkey Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

10CVSS0.2AI score0.05593EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2012/07/17 7:21 p.m.5 views

Mozilla: X-Frame-Options header ignored when duplicated (MFSA 2012-51)

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking...

4.3CVSS7.3AI score0.02118EPSS
Exploits0References4
Rows per page
Query Builder