CVE-2022-3260

MEDIUM Year: 2022
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-1021
View all →

Vulnerability Description

The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.

Related Vulnerabilities

CVE-2020-10951

MEDIUM
CVSS:4.7(Medium)

Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.

CWE-10212020

CVE-2020-6827

MEDIUM
CVSS:4.7(Medium)

When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> *Note: This issue only affec...

CWE-10212020

CVE-2021-27003

MEDIUM
CVSS:4.7(Medium)

Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.

CWE-10212021

CVE-2021-3731

MEDIUM
CVSS:4.7(Medium)

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.

CWE-10212021

CVE-2021-38472

MEDIUM
CVSS:4.7(Medium)

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an admini...

CWE-10212021