PT-2024-18397 · Unknown · Sunny Webbox
David Matilla Rebollo
·
Published
2024-02-26
·
Updated
2025-03-11
·
CVE-2024-1890
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Sunny WebBox versions 1.6.1 and earlier
Description
The issue allows an attacker to send a malicious link to an authenticated operator, potentially enabling remote attackers to perform a clickjacking attack.
Recommendations
For Sunny WebBox versions 1.6.1 and earlier, update to a version later than 1.6.1 to resolve the issue.
As a temporary workaround, consider restricting access to authenticated operators or implementing additional security measures to minimize the risk of clickjacking attacks.
Fix
Clickjacking
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sunny Webbox