The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of their computer while clicking on seemingly innocuous objects.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NSick Field Analytics
APPSickwszystkie wersjeSick Media Server
APPSick< 1.5
Powiązane podatności
Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensi...
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between a...
A remote unauthorized attacker may gather sensitive information of the application, due to missing authorizati...
Files in the source code contain login credentials for the admin user and the property configuration password,...
The server supports authentication methods in which credentials are sent in plaintext over unencrypted channel...