Website Security Vulnerability Reporting #6216
Labels
Bug
For errors / faults / flaws / inconsistencies etc.
worksforme
The issue cannot be reproduced and things work as intended.
Hi there,
I have found a Security Vulnerability on one of your websites, i.e. piwik.org.
The vulnerability that I have found is Cross Frame Scripting followed by Clickjacking Attack.
The vulnerability exists as you have no protection against framing of your website.
Thus, you haven't implemented X-Frame-Options on the server side for prevention, which you must implement now.
Severity : Medium
Impact : An attacker can control the actions of the user (victim) and can perform some actions with the help of the victim but without the knowledge of the victim.
For more information, please visit https://www.owasp.org/index.php/Clickjacking and https://www.owasp.org/index.php/Cross_Frame_Scripting.
I am also attaching a snapshot of the iframed page. Please find the attachment for the same.
Do evaluate and inform accordingly.
Best Regards,
Nirav M. Trivedi
(Security Researcher)
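
A header check for the condition the report describes, as an added example that is not part of the original issue or the project's code: it classifies a response's anti-framing protection from its headers. It goes beyond the report by also covering the CSP `frame-ancestors` directive; the function names and sample header values are constructed for illustration.

```python
# Added example (not from the issue): audit anti-framing response headers.
# Header samples used with it are constructed.
PERMISSIVE = {"*", "http:", "https:"}  # sources that allow framing by any origin

def frame_ancestors(headers):
    """Return one source list per enforced CSP policy that sets frame-ancestors."""
    found = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue  # Report-Only policies are not enforced, so skip them
        for policy in value.split(","):  # a comma separates policies
            for directive in policy.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    found.append([t.lower() for t in tokens[1:]])
                    break  # only the first occurrence in a policy counts
    return found

def audit_framing(headers):
    """Classify (name, value) header pairs as 'protected', 'weak' or 'missing'."""
    policies = frame_ancestors(headers)
    if policies:
        # With frame-ancestors present, browsers ignore X-Frame-Options.
        # Policies are enforced together, so a single strict one is enough.
        if all(PERMISSIVE & set(p) for p in policies):
            return "weak", "frame-ancestors allows any origin"
        return "protected", "CSP frame-ancestors restricts framing"
    xfo = {part.strip().lower() for name, value in headers
           if name.lower() == "x-frame-options" for part in value.split(",")}
    xfo.discard("")
    if not xfo:
        return "missing", "no X-Frame-Options or frame-ancestors header"
    if len(xfo) > 1:
        return "weak", "conflicting X-Frame-Options values: " + ", ".join(sorted(xfo))
    (value,) = xfo
    if value in ("deny", "sameorigin"):
        return "protected", "X-Frame-Options: " + value
    return "weak", "unsupported X-Frame-Options value: " + value  # e.g. ALLOW-FROM

if __name__ == "__main__":
    constructed = [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")]
    print(audit_framing(constructed))
```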