WhisperX tag archive

#clickjacking

This page collects WhisperX intelligence signals tagged #clickjacking. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (5)

The Lab · 2026-04-03 08:26:57 · GitHub Issues

1. Next.js App Exposed: Missing Critical Security Headers Opens Site to XSS, Clickjacking

A critical security oversight has left a Next.js application unprotected against common web attacks. The site's configuration lacks fundamental HTTP security headers, leaving it directly exposed to cross-site scripting (XSS), clickjacking, and MIME sniffing attacks. This exposure stems from an empty `next.config.ts...

The Lab · 2026-04-05 18:27:05 · GitHub Issues

2. Panopto Embed URL Vulnerability: Arbitrary Domain Injection Exposes Users to Clickjacking

A high-severity security flaw in a video utility function allows attackers to inject arbitrary domains into Panopto embed URLs, creating a direct vector for clickjacking and phishing attacks. The vulnerability resides in the `getVideoEmbedInfo()` function within `src/utils/video.ts`, which extracts a domain from user-s...

The Lab · 2026-04-12 15:22:35 · GitHub Issues

3. GitHub Security Alert: Next.js App Exposed to Clickjacking, XSS Due to Missing Security Headers

A critical security gap has been identified in a Next.js application's configuration, leaving it vulnerable to clickjacking attacks and amplifying the risk of cross-site scripting (XSS). The vulnerability, flagged as a MEDIUM severity finding (SEC-010), stems from the complete absence of essential security headers in t...

The Lab · 2026-05-07 18:31:40 · GitHub Issues

5. Ory Hydra consent flow vulnerability: arbitrary logo injection enables cookie exfiltration and clickjacking

A security research disclosure identifies multiple hardening gaps in Ory Hydra's consent and device authorization flows that, if exploited, could expose user credentials and enable UI-based attacks. The most actionable issue involves the consent page template at `consent.html`, which renders a logo specified by the OA...