3796 matches found
CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...
CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...
CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...
GHSA-54VW-F4XF-F92J HAX CMS application pages vulnerable to clickjacking
Summary All pages within the HAX CMS application do not contain headers to stop other websites from loading the site within an iframe. This applies to both the CMS and generated sites. PoC To replicate this vulnerability, load the target page in an iframe and observe the rendered content. Impact ...
HAX CMS application pages vulnerable to clickjacking
Summary All pages within the HAX CMS application do not contain headers to stop other websites from loading the site within an iframe. This applies to both the CMS and generated sites. PoC To replicate this vulnerability, load the target page in an iframe and observe the rendered content. Impact ...
PT-2025-30361 · Hax Cms · Hax Cms
Name of the Vulnerable Software and Affected Versions: HAX CMS versions 11.0.7 and below PHP HAX CMS versions 11.0.12 and below NodeJS Description: HAX CMS does not include headers to prevent websites from loading the application within an iframe. This affects both the CMS and generated sites. An...
CVE-2025-6983
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 = 1.1.5...
CVE-2025-6983
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 = 1.1.5...
CVE-2025-6983
CVE-2025-6983 affects TP-Link Archer C1200 web management, with a clickjacking flaw in versions 1.1.5 and earlier. An attacker could trick a logged-in user into performing unintended actions via layered UI/frames. No exploitation details are provided in the initial and connected documents, but mu...
CVE-2025-6983 Clickjacking vulnerability on the management web application of TP-LINK Archer C1200
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 = 1.1.5...
CVE-2025-6983 Clickjacking vulnerability on the management web application of TP-LINK Archer C1200
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 = 1.1.5...
TP-LINK Archer C1200 安全漏洞
TP-LINK Archer C1200 is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK Archer C1200 version 1.1.5 and earlier, which stems from a clickjacking risk that could cause users to perform unintended actions...
PT-2025-29878 · Tp Link · Archer C1200
Name of the Vulnerable Software and Affected Versions: TP-Link Archer C1200 versions prior to 1.1.6 Description: A clickjacking issue exists in the web management page of the TP-Link Archer C1200. This allows an attacker to deceive users into performing actions they did not intend through the...
Unspecified Vulnerability in Endress+Hauser MEAC300-FNADE4 (CNVD-2025-16354)
The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4, which can be exploited by attackers to conduct clickjacking attacks...
webkitgtk: Visiting a malicious website may lead to address bar spoofing.
A vulnerability was found in WebKitGTK. This flaw occurs due to an issue in the component URL Handler, which allows a remote attacker to manipulate an unknown input that can lead to clickjacking...
A Systematization of Security Vulnerabilities in Computer Use Agents
Computer Use Agents CUAs, autonomous systems that interact with software interfaces via browsers or virtual machines, are rapidly being deployed in consumer and enterprise environments. These agents introduce novel attack surfaces and trust boundaries that are not captured by traditional threat...
FreeBSD : firefox -- multiple vulnerabilities (a55d2120-58cf-11f0-b4ad-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a55d2120-58cf-11f0-b4ad-b42e991fc52e advisory. [email protected] reports: An attacker was able to bypass the connect-src directive of a...
CVE-2025-27455
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...
CVE-2025-27455
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...
CVE-2025-27455
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of...