How severe is CVE-2022-24733?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2022-24733?

This is classified as CWE-1021, which is a common weakness in software security.

CVE-2022-24733

MEDIUM Year: 2022

CVSS v3 Score

6.1

Medium

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-1021

View all →

Vulnerability Description

Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from app should have an X-Frame-Options header set to: ``sameorigin``. To achieve that, add a new `subscriber` in the app.

CVE-2017-11290

MEDIUM

CVSS:6.1(Medium)

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administ...

CWE-10212017

CVE-2017-16775

MEDIUM

CVSS:6.1(Medium)

Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vect...

CWE-10212017

CVE-2018-1803

MEDIUM

CVSS:6.1(Medium)

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malic...

CWE-10212018

CVE-2018-1853

MEDIUM

CVSS:6.1(Medium)

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote ...

CWE-10212018

CVE-2018-19957

MEDIUM

CVSS:6.1(Medium)

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy an...

CWE-10212018

CVE-2019-4086

MEDIUM

CVSS:6.1(Medium)

IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker co...

CWE-10212019

CVE-2022-24733

Vulnerability Description

Related Vulnerabilities

CVE-2017-11290

CVE-2017-16775

CVE-2018-1803

CVE-2018-1853

CVE-2018-19957

CVE-2019-4086