CVE-2024-30109
LOWDescription
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| hcltech | dryice_aex |
References
Frequently Asked Questions
What is CVE-2024-30109? +
How severe is CVE-2024-30109? +
What products are affected by CVE-2024-30109? +
How do I check if I'm vulnerable to CVE-2024-30109? +
Related Vulnerabilities
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions …
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser …
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted …
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open …
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user …
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly …