38 matches found
CVE-2020-13174
The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking...
CVE-2019-19001
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentia...
CVE-2025-24874
SAP Commerce Backoffice uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the frame-ancestors CSP directive. Hence,...
CVE-2025-24874
SAP Commerce Backoffice uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the frame-ancestors CSP directive. Hence,...
Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...
CVE-2024-5691
By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...
PT-2022-21400 · Red Hat · Openshift
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue is related to the absence of the X-FRAME-OPTIONS header in response headers, which helps prevent Clickjacking attacks. Without this header, some browsers may interpret the...
CVE-2022-24733 Improper Restriction of Rendered UI Layers or Frames in Sylius
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...
Cross site scripting
In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting XSS, since there is no validation of the .zip file name and filtering of potential abusive characters which zip files can be named to. There is no X-Frame-Options Header set, which makes it more susceptible for...
CVE-2018-6909
CVE-2018-6909 affects Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 Web Application. Root cause: missing X-Frame-Options header. Impact: allows clickjacking by remote attacker via an API page request; CVSSv3 base score 6.5 (NETWORK, LOW toward exploitation, user interactio...
A sample to set http response header X-Frame-Options by rewrite policy
A sample to set http response header X-Frame-Options by rewrite policy on vpn vserver...
CVE-2016-0734
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a 1 FRAME or 2 IFRAME element...
Microsoft: Exploiting XSS with clickjacking
Little Insight: Click jacking just hide-the-button-and-follow-the-mouse. also know as UI Redressing its just playing with the UI of the victim application by clicking and mouse event . In this post we'll show UI-Redressing attack and how an attacker may trigger an unexploitable XSS flaw in an...
Localize: ClickJacking
It allows remote attackers to do some clickjacking which can be used for adding arbitrary tasks . Why? Almost all of your page has missing X-FRAME-OPTIONS header. Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to...
Implement clickjacking protection on https://answers.atlassian.com/
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46884. panel We received an external security report from Monendra Sahu that https://answers.atlassian.com/ is vulnerable to...
Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1890-1)
Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking...
SuSE Update for seamonkey openSUSE-SU-2012:0935-1 (seamonkey)
Check for the Version of seamonkey OpenVAS Vulnerability Test $Id: gbsuse201209351.nasl 8249 2017-12-27 06:29:56Z teissa $ SuSE Update for seamonkey openSUSE-SU-2012:0935-1 seamonkey Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
Mozilla: X-Frame-Options header ignored when duplicated (MFSA 2012-51)
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking...