CVE-2024-2383

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-1021
View all →

Vulnerability Description

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.

Related Vulnerabilities

CVE-2013-2682

MEDIUM
CVSS:4.3(Medium)

Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.

CWE-10212013

CVE-2013-5594

MEDIUM
CVSS:4.3(Medium)

Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding

CWE-10212013

CVE-2013-6772

MEDIUM
CVSS:4.3(Medium)

Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking

CWE-10212013

CVE-2017-5026

MEDIUM
CVSS:4.3(Medium)

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't...

CWE-10212017

CVE-2018-12576

MEDIUM
CVSS:4.3(Medium)

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.

CWE-10212018

CVE-2018-6178

MEDIUM
CVSS:4.3(Medium)

Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a ...

CWE-10212018