GHSA-gc95-5mmp-mp6j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gc95-5mmp-mp6j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-gc95-5mmp-mp6j/GHSA-gc95-5mmp-mp6j.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-gc95-5mmp-mp6j
- Aliases
- Published
- 2023-09-28T06:30:20Z
- Modified
- 2024-02-16T08:13:07.250490Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Economizzer vulnerable to Clickjacking
- Details
-
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
- Database specific
{ "nvd_published_at": "2023-09-28T04:15:12Z", "cwe_ids": [ "CWE-1021" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-09-28T16:50:03Z" }- References
Affected packages
Packagist / gugoan/economizzer
Package
- Name
- gugoan/economizzer
- Purl
- pkg:composer/gugoan/economizzer