Description
A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:rainmachine:rainmachine_web_application:-:*:*:*:*:*:*:*
EPSS: 0.00226 (Low), percentile: 45%
CVSS3: 6.5 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-1021
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request.