CVE-2023-38873
Published 2023-09-28
Priority: P4 (30) · Severity: medium · CVSS 3.1: 6.5
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 0.63% (45.8th percentile)
Commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer are vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intended to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| economizzer | economizzer | — | — |
| economizzer | economizzer | — | — |
| gugoan | economizzer | 0 – 0.9-beta1 | — |
GHSA
Economizzer vulnerable to Clickjacking
ghsa·2023-09-28
CVE-2023-38873 [MEDIUM] CWE-1021 Economizzer vulnerable to Clickjacking
OSV
Economizzer vulnerable to Clickjacking
osv·2023-09-28
CVE-2023-38873 [MEDIUM] Economizzer vulnerable to Clickjacking
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.