From: Krzysztof B. <kb...@un...> - 2025-11-10 16:08:36
Hi,

On 6.11.2025 at 10:20, Whitehat Security wrote:
> Hello Team,
>
> I have found a bug in your website https://unity-idm.eu
> The details of it are as follows:-
>
>
> Summary:
>
> X-Frame-Options ALLOW-FROM https://unity-idm.eu supported by several
> browsers,
>
>
> Steps To Reproduce:
>
> 1. Create a new HTML file
> 2. Put <iframe src="https://unity-idm.eu"0"></iframe>
> 3. Save the file
> 4. Open document in browser
>
>
> Impact:
>
> Attacker may trick user, sending them malicious link, then user opens
> it, clicks some image and their account unconsciously has been deactivated
>

This webpage is not accepting any sensitive user inputs, users have no accounts, it is information only. Therefore the attacks you are describing are of minimal - if any - threat to our users. (Note: this also applies to the other report on clickjacking.)

Nevertheless, thanks for the heads up :-)

Krzysztof
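For triaging framing reports like the one quoted above, the following added example (not part of the thread and not code from the Unity IdM project) classifies how current browsers treat a response's framing headers. The function name and the sample header values are constructed for illustration and are not what the site actually returns; the key point is that `ALLOW-FROM` is obsolete and ignored by current browsers, while a CSP `frame-ancestors` directive takes precedence over `X-Frame-Options`.

```python
def framing_verdict(headers):
    """Return 'blocked', 'restricted' or 'framable' for cross-origin framing.

    Simplified model of current browser behaviour; assumes one value per
    header name (no repeated Content-Security-Policy headers).
    """
    h = {k.lower(): v for k, v in headers.items()}

    # 1. A CSP frame-ancestors directive wins; X-Frame-Options is then ignored.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            if not sources or sources == ["'none'"]:
                return "blocked"
            if "*" in sources:
                return "framable"
            return "restricted"  # only the listed origins may frame the page

    # 2. Fall back to X-Frame-Options (comma-separated when sent repeatedly).
    raw = h.get("x-frame-options", "")
    values = {v.strip().lower() for v in raw.split(",") if v.strip()}
    recognised = values & {"deny", "sameorigin", "allowall"}
    if len(values) > 1 and recognised:
        return "blocked"  # conflicting values are treated as a refusal
    if values == {"deny"}:
        return "blocked"
    if values == {"sameorigin"}:
        return "restricted"
    # Missing header, ALLOW-FROM, or an unknown token: no protection applied.
    return "framable"


# Constructed sample responses.
SAMPLES = {
    "allow-from only": {"X-Frame-Options": "ALLOW-FROM https://unity-idm.eu"},
    "sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "csp overrides xfo": {
        "X-Frame-Options": "ALLOW-FROM https://unity-idm.eu",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'",
    },
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name}: {framing_verdict(hdrs)}")
```

A "framable" verdict says only that the browser will render the page in a third-party frame; whether that matters depends on what the page lets a user do, which is the point the reply makes.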