PT-2024-16294 · Unknown · Clibo Manager
David Padilla Alvarado
Published: 2024-10-31 · Updated: 2024-11-04
CVE-2024-10454
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Clibo Manager version 1.1.9.12
Description
The login panel at '/public/login' is vulnerable to clickjacking because the server does not send an X-Frame-Options response header, so the page can be embedded in a frame by other origins. An attacker could overlay the login page in a transparent iframe and hijack victims' clicks.
Recommendations
For Clibo Manager version 1.1.9.12, update to the latest version to mitigate the risk. As a temporary workaround, consider restricting access to the '/public/login' directory, and avoid using the vulnerable login panel until a patch is available.
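The finding above is the absence of a framing-protection header, and the recommendation is to restrict the login page until it is fixed. The following added example (written for this page; it is not code from the advisory or from Clibo Manager) is a check a defender can run over the response headers of a login page to decide whether it is frameable. It evaluates both X-Frame-Options and the Content-Security-Policy frame-ancestors directive, which is the modern replacement, and flags the obsolete ALLOW-FROM form and open allow-lists such as `*`. The two header sets at the bottom are constructed for illustration: one mirrors the advisory's condition (no framing header at all), the other shows the hardened headers a patched deployment would send.

```python
"""Classify HTTP response headers by whether they prevent clickjacking.

Added example for this advisory; the sample header sets below are
constructed, not captured from Clibo Manager.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class FrameCheck:
    protected: bool                      # True if cross-origin framing is blocked
    reasons: List[str] = field(default_factory=list)


def _csp_frame_ancestors(csp: str) -> Optional[str]:
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            # An empty source list matches nothing, i.e. it behaves like 'none'.
            return " ".join(parts[1:]) or "'none'"
    return None


def check_frame_protection(headers: Dict[str, str]) -> FrameCheck:
    """Decide whether the given response headers block framing by other origins."""
    h = {k.lower(): v.strip() for k, v in headers.items()}   # header names are case-insensitive
    result = FrameCheck(protected=False)

    # 1. Legacy mechanism: X-Frame-Options (the header the advisory reports as missing)
    xfo = h.get("x-frame-options")
    if xfo is None:
        result.reasons.append("X-Frame-Options header missing")
    else:
        value = xfo.upper()
        if value in ("DENY", "SAMEORIGIN"):
            result.protected = True
            result.reasons.append(f"X-Frame-Options: {value} blocks cross-origin framing")
        elif value.startswith("ALLOW-FROM"):
            result.reasons.append("X-Frame-Options ALLOW-FROM is obsolete and ignored by modern browsers")
        else:
            result.reasons.append(f"X-Frame-Options value {xfo!r} is invalid and ignored")

    # 2. Modern mechanism: CSP frame-ancestors (takes precedence where supported)
    csp = h.get("content-security-policy")
    if csp is None:
        result.reasons.append("Content-Security-Policy header missing")
    else:
        sources = _csp_frame_ancestors(csp)
        if sources is None:
            result.reasons.append("CSP present but has no frame-ancestors directive")
        else:
            tokens = [s.lower() for s in sources.split()]
            # A wildcard or a bare scheme permits any site on that scheme to frame the page.
            if any(t in ("*", "http:", "https:") for t in tokens):
                result.reasons.append(f"CSP frame-ancestors {sources} is effectively open")
            else:
                result.protected = True
                result.reasons.append(f"CSP frame-ancestors {sources} limits framing to the listed origins")
    return result


# Constructed samples: the first mirrors the advisory's condition, the second a hardened response.
VULNERABLE_LOGIN_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Set-Cookie": "session=placeholder; HttpOnly; Secure",
}
HARDENED_LOGIN_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}

if __name__ == "__main__":
    for name, hdrs in (("vulnerable login page", VULNERABLE_LOGIN_HEADERS),
                       ("hardened login page", HARDENED_LOGIN_HEADERS)):
        verdict = check_frame_protection(hdrs)
        print(f"{name}: {'PROTECTED' if verdict.protected else 'FRAMEABLE'}")
        for reason in verdict.reasons:
            print(f"  - {reason}")
```

Sending both headers, as in the hardened set, covers browsers that support only one of them; the check treats either as sufficient, but reports the missing one so that the gap can still be closed.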
Fix
Clickjacking
Weakness Enumeration
Related Identifiers
Affected Products: Clibo Manager