Lucene search
Veracode Vulnerability DatabaseVERACODE:34688HistoryMar 15, 2022 - 6:12 a.m.
Click Jacking
2022-03-1506:12:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
sylius
click-jacking
attacks
login forms
malicious website
iframe
http headers
EPSS
0.002
Percentile
52.0%
sylius/sylius is vulnerable to click-jacking attacks. An attacker can avoid login forms and load the malicious website within an iframe due to the missing HTTP headers.
References
github.com/Sylius/Sylius/commit/67de9e81044fdb68ef7b0afabadaddb8644cd7ea
github.com/Sylius/Sylius/pull/14
github.com/Sylius/Sylius/releases/tag/v1.10.11
github.com/Sylius/Sylius/releases/tag/v1.11.2
github.com/Sylius/Sylius/releases/tag/v1.9.10
github.com/Sylius/Sylius/security/advisories/GHSA-4jp3-q2qm-9fmw
Related
prion
prion
Code injection
2022-03-14 19:15:00
cvelist
cvelist
nvd
nvd
CVE-2022-24733
2022-03-14 19:15:12
osv
osv
CVE-2022-24733
2022-03-14 19:15:12
Improper Restriction of Rendered UI Layers or Frames in Sylius
2022-03-14 21:55:33
github
github
Improper Restriction of Rendered UI Layers or Frames in Sylius
2022-03-14 21:55:33
cve
cve
CVE-2022-24733
2022-03-14 19:15:12
cnvd
cnvd
Sylius has an unspecified vulnerability (CNVD-2022-22317)
2022-03-16 00:00:00