
Website Security Vulnerability Reporting #6216

Closed
erniravtrivedi opened this issue Sep 15, 2014 · 1 comment
Labels
Bug For errors / faults / flaws / inconsistencies etc. worksforme The issue cannot be reproduced and things work as intended.

Comments

@erniravtrivedi

Hi there,

I have found a security vulnerability on one of your websites, i.e. piwik.org.

The vulnerability that I have found is Cross-Frame Scripting followed by a Clickjacking attack.

The vulnerability exists because you have no protection against framing of your website.

Thus, you haven't implemented X-Frame-Options on the server side for prevention, which you must implement now.

Severity: Medium

Impact: An attacker can control the actions of the user (victim) and can perform some actions with the help of the victim, but without the victim's knowledge.

For more information, please visit https://www.owasp.org/index.php/Clickjacking and https://www.owasp.org/index.php/Cross_Frame_Scripting.

I am also attaching a snapshot of the iframed page. Please find the attachment for the same.

Do evaluate and inform accordingly.

Best Regards,

Nirav M. Trivedi
(Security Researcher)
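The condition described in the report is simply a response without a framing policy. As an added example that is not part of the issue or of Piwik's code, the following Python check evaluates a response's headers the way a defender would when verifying the fix: it honours an enforcing CSP `frame-ancestors` directive over `X-Frame-Options`, and a helper adds the server-side mitigation where it is missing. The header sets used at the bottom are constructed samples.

```python
# Added example (not the project's code): assess response headers for
# anti-framing protection and add the mitigation when absent.
from typing import Dict, Optional, Tuple

def _get(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive lookup; duplicate header lines are joined as a browser sees them."""
    vals = [v for k, v in headers.items() if k.lower() == name.lower()]
    return ", ".join(vals) if vals else None

def framing_protection(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Return (protected, reason). An enforcing frame-ancestors directive is checked
    first because browsers let it override X-Frame-Options; the Report-Only CSP
    header is deliberately ignored here since it never blocks framing."""
    csp = _get(headers, "Content-Security-Policy") or ""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = {s.lower() for s in parts[1:]}
            if sources <= {"'none'"}:          # 'none' or an empty list matches nothing
                return True, "CSP frame-ancestors 'none'"
            if "*" in sources:
                return False, "CSP frame-ancestors allows any origin"
            return True, "CSP frame-ancestors restricted to: " + " ".join(sorted(sources))
    xfo = _get(headers, "X-Frame-Options")
    if xfo is None:
        return False, "no X-Frame-Options and no frame-ancestors directive"
    values = {v.strip().lower() for v in xfo.split(",")}
    if values == {"deny"} or values == {"sameorigin"}:
        return True, "X-Frame-Options " + values.pop().upper()
    # ALLOW-FROM is obsolete and ignored by current browsers; conflicting or unknown
    # tokens are treated conservatively as giving no reliable protection.
    return False, "X-Frame-Options value not reliably enforced: " + xfo

def harden(headers: Dict[str, str]) -> Dict[str, str]:
    """Return a copy with a same-origin framing policy set via both mechanisms if absent."""
    out = dict(headers)
    if _get(out, "X-Frame-Options") is None:
        out["X-Frame-Options"] = "SAMEORIGIN"
    csp = _get(out, "Content-Security-Policy")
    if "frame-ancestors" not in (csp or "").lower():
        key = next((k for k in out if k.lower() == "content-security-policy"),
                   "Content-Security-Policy")
        out[key] = (csp + "; " if csp else "") + "frame-ancestors 'self'"
    return out

if __name__ == "__main__":
    unprotected = {"Content-Type": "text/html"}   # constructed: the reported situation
    print(framing_protection(unprotected))
    print(framing_protection(harden(unprotected)))
```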

@mattab (Member) commented Sep 17, 2014

Hi Nirav,

Thank you for your security report! We provide our security information at: http://piwik.org/security/

The preferred way for responsible disclosure is to send an email to security@piwik.org, the shortlisted list of core developers who will handle the disclosure and fix ASAP.

Thank you in advance for your report to security@piwik.org and helping to make security better for the whole community!

@mattab mattab closed this as completed Sep 17, 2014
@mattab mattab added worksforme The issue cannot be reproduced and things work as intended. Bug For errors / faults / flaws / inconsistencies etc. labels Sep 17, 2014