CVE-2023-38873

Name of the Vulnerable Software and Affected Versions gugoan Economizzer version 0.9-beta1 gugoan Economizzer commit 3730880 (April 2023)

Description The issue is related to Clickjacking, also known as a "UI redress attack", where an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. This allows the attacker to "hijack" clicks meant for their page and route them to another page, most likely owned by another application, domain, or both.

Recommendations For gugoan Economizzer version 0.9-beta1, consider implementing framebusting techniques to prevent the page from being framed by other sites. For gugoan Economizzer commit 3730880 (April 2023), as a temporary workaround, consider restricting access to sensitive functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.