Vulnerability Description
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Economizzer | Economizzer | 0.9 |
Related Weaknesses (CWE)
References
- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38873ExploitThird Party Advisory
- https://github.com/gugoan/economizzerProduct
- https://www.economizzer.orgProduct
- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38873ExploitThird Party Advisory
- https://github.com/gugoan/economizzerProduct
- https://www.economizzer.orgProduct
FAQ
What is CVE-2023-38873?
CVE-2023-38873 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or...
How severe is CVE-2023-38873?
CVE-2023-38873 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-38873?
Check the references section above for vendor advisories and patch information. Affected products include: Economizzer Economizzer.