
3796 matches found

Vulnrichment
added 2025/02/11 12:37 a.m. · 8 views

CVE-2025-24874 Missing Defense in Depth Against Clickjacking in SAP Commerce Backoffice

SAP Commerce Backoffice uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the frame-ancestors CSP directive. Hence,...

CVSS 6.8 · AI score 6.6 · EPSS 0.00298
Exploits: 0 · References: 2
Cvelist
added 2025/02/11 12:37 a.m. · 7 views

CVE-2025-24874 Missing Defense in Depth Against Clickjacking in SAP Commerce Backoffice

SAP Commerce Backoffice uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the frame-ancestors CSP directive. Hence,...

CVSS 6.8 · EPSS 0.00298
Exploits: 0 · References: 2
CVE
added 2025/02/11 12:37 a.m. · 52 views

CVE-2025-24874

CVE-2025-24874 affects SAP Commerce Backoffice. The issue is the use of the deprecated X-FRAME-OPTIONS header to prevent clickjacking; while currently effective, future browser support changes (favoring frame-ancestors CSP) could enable clickjacking, potentially exposing/modifying sensitive infor...

CVSS 6.8 · AI score 6.6 · EPSS 0.00298
Exploits: 0 · References: 2
CNNVD
added 2025/02/10 12:0 a.m. · 4 views

SAP Commerce Security Vulnerability

SAP Commerce is a cloud-based e-commerce solution developed by SAP. An information disclosure vulnerability exists in SAP Commerce, which stems from the use of the deprecated X-FRAME-OPTIONS header to prevent clickjacking, and can be exploited by an attacker to disclose and tamper with sensitive...

CVSS 6.8 · AI score 6 · EPSS 0.00298
Exploits: 0 · References: 1
Vulnrichment
added 2025/02/05 11:46 p.m. · 11 views

CVE-2024-49796 IBM ApplinX Clickjacking

IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim...

CVSS 5.4 · AI score 6.8 · EPSS 0.00381
Exploits: 0 · References: 1
Cvelist
added 2025/02/05 11:46 p.m. · 26 views

CVE-2024-49796 IBM ApplinX Clickjacking

IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim...

CVSS 5.4 · EPSS 0.00381
Exploits: 0 · References: 1
CVE
added 2025/02/05 11:46 p.m. · 60 views

CVE-2024-49796

IBM ApplinX 11.1 is reported vulnerable to a remote click hijack (clickjacking) when a user visits a malicious site, enabling the attacker to hijack the victim’s click actions and potentially facilitate further attacks. The vulnerability is tied to IBM ApplinX 11.1; IBM’s remediation is to upgrad...

CVSS 5.4 · AI score 5.4 · EPSS 0.00381
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/02/05 8:14 p.m. · 8 views

CVE-2022-4105

A stored XSS in a kiwi Test Plan can run malicious JavaScript, which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page...

CVSS 7.1 · AI score 5.8 · EPSS 0.00454
Exploits: 1 · References: 1
Japan Vulnerability Notes
added 2025/01/30 9:19 a.m. · 2 views

Clickjacking Vulnerability in JP1/ServerConductor/Deployment Manager

Overview: A clickjacking vulnerability was found in JP1/ServerConductor/Deployment Manager. Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

CVSS 5.3 · AI score 6.7 · EPSS 0.00269
Exploits: 0 · References: 3
Hacker One
added 2025/01/29 1:57 p.m. · 1513 views

Top Echelon Software: Clickjacking in main domain https://topechelon.com/

The target website was vulnerable to Clickjacking, a web-based attack that tricked users into interacting with a hidden or disguised iframe. The vulnerability could have been exploited to manipulate user actions, potentially leading to unauthorized activities...

AI score 7.1
Exploits: 0
NVD
added 2025/01/27 5:15 p.m. · 9 views

CVE-2025-0729

A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920Beta is...

CVSS 6.9 · EPSS 0.00395
Exploits: 0 · References: 6
Cvelist
added 2025/01/27 5:0 p.m. · 8 views

CVE-2025-0729 TP-Link TL-SG108E clickjacking

A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920Beta is...

CVSS 6.9 · EPSS 0.00395
Exploits: 0 · References: 6
Vulnrichment
added 2025/01/27 5:0 p.m. · 5 views

CVE-2025-0729 TP-Link TL-SG108E clickjacking

A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920Beta is...

CVSS 6.9 · AI score 4.7 · EPSS 0.00395
Exploits: 0 · References: 6
CVE
added 2025/01/27 5:0 p.m. · 46 views

CVE-2025-0729

CVE-2025-0729 affects TP-Link TL-SG108E (version 1.0.0 Build 20201208 Rel. 40304). The vulnerability is described as enabling clickjacking, with a remote attack vector and no required user interaction stated in the sources. A fix is available in a Beta pre-fix build: TL-SG108E 1.0.0 Build 2025012...

CVSS 6.9 · AI score 7.1 · EPSS 0.00395
Exploits: 0 · References: 6
CNNVD
added 2025/01/27 12:0 a.m. · 3 views

TP-LINK TL-SG108E Security Vulnerability

TP-LINK TL-SG108E is a smart switch from China P&L TP-LINK. A security vulnerability exists in TP-LINK TL-SG108E version 1.0.0 Build 20201208 Rel.40304, which stems from the presence of clickjacking...

CVSS 6.9 · AI score 4.9 · EPSS 0.00395
Exploits: 0 · References: 6
Positive Technologies
added 2025/01/27 12:0 a.m. · 2 views

PT-2025-4023 · Tp Link · Tp-Link Tl-Sg108E

Name of the Vulnerable Software and Affected Versions: TP-Link TL-SG108E version 1.0.0 Build 20201208 Rel. 40304 Description: A vulnerability was found in the TP-Link TL-SG108E, which has been rated as problematic. This issue affects some unknown processing and leads to clickjacking. The attack m...

CVSS 6.9 · AI score 7.1 · EPSS 0.00395
Exploits: 0 · References: 11
Tenable Nessus
added 2025/01/22 12:0 a.m. · 19 views

Debian dla-3697 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3697 advisory. Debian LTS Advisory DLA-3697-1...

CVSS 8.8 · AI score 7.7 · EPSS 0.20472
Exploits: 0 · References: 24
NVD
added 2025/01/17 8:15 p.m. · 10 views

CVE-2024-57369

Clickjacking vulnerability in typecho v1.2.1...

CVSS 6.4 · EPSS 0.00341
Exploits: 0 · References: 3
OSV
added 2025/01/17 8:15 p.m. · 5 views

CVE-2024-57369

Clickjacking vulnerability in typecho v1.2.1...

CVSS 6.4 · AI score 6.8 · EPSS 0.00341
Exploits: 0 · References: 3
Vulnrichment
added 2025/01/17 12:0 a.m. · 6 views

CVE-2024-57369

Clickjacking vulnerability in typecho v1.2.1...

AI score 6.5 · EPSS 0.00341
Exploits: 0 · References: 3