Hi,
On 6.11.2025 at 10:20, Whitehat Security wrote:
> Hello Team,
>
> I have found a bug in your website https://unity-idm.eu
> The details of it are as follows:-
>
>
> Summary:
>
> X-Frame-Options ALLOW-FROM https://unity-idm.eu supported by several
> browsers,
>
>
> Steps To Reproduce:
>
> 1. Create a new HTML file
> 2. Put <iframe src="https://unity-idm.eu"0"></iframe>
> 3. Save the file
> 4. Open document in browser
>
>
> Impact:
>
> An attacker may trick a user by sending them a malicious link; the user
> then opens it, clicks some image, and their account has unconsciously been deactivated
>
This webpage is not accepting any sensitive user inputs, users have no
accounts, it is information only. Therefore the attacks you are
describing are of minimal - if any - threat to our users. (Note: this
also applies to the other report on clickjacking.)
Nevertheless, thanks for the heads up :-)
Krzysztof