2 matches found
CVE-2026-38979
CVE-2026-38979 affects Ajenti v2.2.13. The issue is a clickjacking weakness in the browser-facing login and administrative UI caused by the HTTP response path in ajenti-core/aj/http.py, which initializes an empty header list, forwards handler-added headers verbatim, and finalizes responses via WS...
Clickjacking
@haxtheweb/haxcms-nodejs and elmsln/haxcms are vulnerable to Clickjacking. The vulnerability is due to missing anti-framing headers caused by the absence of X-Frame-Options or equivalent headers in both the CMS and generated sites, allowing unauthenticated attackers to embed sensitive pages in...