PT-2024-22330 · Unknown · Yourspotify

Ragingcactus · Published 2024-03-13 · Updated 2024-03-15 · CVE-2024-28196

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: YourSpotify versions prior to 1.9.0

Description: The issue is a clickjacking vulnerability that can be used to trick an existing user into triggering actions, such as allowing signup of other users or deleting the current user account. Clickjacking works by loading the target application in an invisible iframe on an attacker-controlled site and luring a victim to visit that page and interact with it. By positioning elements over the invisible iframe, the attacker tricks the victim into triggering malicious or destructive actions inside the iframe while the victim believes they are interacting with a completely different site. This can result in a high impact to the integrity of YourSpotify.

Recommendations: For versions prior to 1.9.0, upgrade to version 1.9.0 to address the issue. As a temporary workaround, consider restricting access to the YourSpotify instance to minimize the risk of exploitation. Avoid using YourSpotify while logged in and visiting other sites to reduce the risk of clickjacking attacks.
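Clickjacking is defeated at the browser by the framing controls a site sends, so after upgrading or putting a reverse-proxy rule in front of an instance it is worth confirming the response headers actually carry one. The check below is an added example written for this advisory, not YourSpotify's code or the vendor's fix; the header sets it evaluates are constructed.

```python
"""Evaluate an HTTP response's headers for anti-clickjacking protection.

Two standard controls exist: the CSP frame-ancestors directive and the older
X-Frame-Options header. Per CSP Level 3, frame-ancestors takes precedence when
both are present, so it is checked first. Feed this the headers of your own
instance (e.g. from requests.head(url).headers) to verify the fix took effect.
"""


def csp_frame_ancestors(csp: str):
    """Return the frame-ancestors source list (lower-cased), or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_allowed_by_third_party(headers: dict) -> bool:
    """True if an arbitrary third-party origin could frame the page."""
    h = {k.lower(): v for k, v in headers.items()}
    ancestors = csp_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        # 'none', 'self', an empty list or an explicit allow-list all block
        # unknown origins; only a wildcard or scheme-only source opens it up.
        return any(src in ("*", "http:", "https:") for src in ancestors)
    # No frame-ancestors directive: fall back to X-Frame-Options. The obsolete
    # ALLOW-FROM value is ignored by current browsers, so it counts as open.
    xfo = h.get("x-frame-options", "").strip().upper()
    return xfo not in ("DENY", "SAMEORIGIN")


# Constructed header sets (not captured from a real YourSpotify instance).
UNPROTECTED = {"Content-Type": "text/html"}
XFO_ONLY = {"X-Frame-Options": "SAMEORIGIN"}
CSP_SELF = {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"}
# CSP wins over X-Frame-Options, so this one is still frameable by anyone.
CSP_OPEN = {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"}

if __name__ == "__main__":
    for name, hdrs in [("UNPROTECTED", UNPROTECTED), ("XFO_ONLY", XFO_ONLY),
                       ("CSP_SELF", CSP_SELF), ("CSP_OPEN", CSP_OPEN)]:
        verdict = "FRAMEABLE" if framing_allowed_by_third_party(hdrs) else "protected"
        print(f"{name:12s} {verdict}")
```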

Tags: Clickjacking

Weakness Enumeration

Related Identifiers: CVE-2024-28196, GHSA-M5X2-6HJM-CGGQ

Affected Products: Yourspotify