CVERadar

CVE-2024-10454

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00037/1

CVE-2024-10454 exposes Clibo Manager v1.1.9.12 to clickjacking attacks via the '/public/login' directory. This vulnerability stems from a missing X-Frame-Options header, allowing attackers to trick users into unknowingly clicking malicious links. While the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) is 30. Even though an SVRS of 30 is not critical, the 'In The Wild' tag suggests active exploitation. An attacker could overlay a transparent iframe, hijacking clicks and potentially gaining unauthorized access or performing unwanted actions. This security flaw poses a risk to user accounts and data integrity within the Clibo Manager application. Addressing this vulnerability by implementing the X-Frame-Options header is essential to mitigate potential exploitation.

In The Wild
2024-10-31

2024-11-01

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-10454 | Clibo Manager 1.1.9.12 /public/login ui layer
vuldb.com, 2025-03-02
A vulnerability classified as problematic has been found in Clibo Manager 1.1.9.12. Affected is an unknown function of the file /public/login. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is traded as CVE-2024-10454. It is possible to launch the attack remotely. There is no exploit available.

Clickjacking vulnerability in Clibo Manager
incibe.es, 2025-01-08
Clickjacking vulnerability in Clibo Manager | Tue, 10/29/2024 - 12:16 | Notice

Social Media

CVE-2024-10454 Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login panel. This vulnerability occurs due to the absence of an X-Frame-Opti… https://t.co/KD847AHDz7

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://www.incibe.es/en/incibe-cert/notices/aviso/clickjacking-vulnerability-clibo-manager

CWE Details

CWE ID: CWE-1021
CWE Name: Improper Restriction of Rendered UI Layers or Frames
Description: The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
