Lucene search
K

4 matches found

NVD
NVD
added 2023/10/19 11:15 p.m.18 views

CVE-2023-41897

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...

9.6CVSS9.4AI score0.0095EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/10/19 10:23 p.m.13 views

CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...

8.8CVSS7.4AI score0.0095EPSS
Exploits0References3
OSV
OSV
added 2023/10/19 10:23 p.m.32 views

CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...

8.8CVSS9.2AI score0.0095EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/10/19 10:23 p.m.21 views

CVE-2023-41897 Lack of XFO header allows clickjacking in Home Assistant Core

Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks...

8.8CVSS9.8AI score0.0095EPSS
Exploits0References3
Rows per page
Query Builder