Clickjacking

Disclosed: 2014-08-21 17:13:49 By cliantech To mavenlink
Unknown
Vulnerability Details
Hi, you have no implementation of Clickjacking attacks on your mobile version. I have set up a user agent switcher and tried to support my claim with regard to the mobile website.

For proof of concept: <iframe src="https://m.mavenlink.com/#/workspaces/new"></iframe>

For mitigation, you may want to add the HTTP header X-Frame-Options and set it to DENY. Attached below is a screenshot. Thanks!
Report Stats
  • Report ID: 21110
  • State: Closed
  • Substate: resolved
  • Upvotes: 1
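A way to verify the mitigation the report recommends, as an added example that is not part of the original report: the function classifies a response's anti-framing policy from its headers. It goes beyond the report by also reading the CSP frame-ancestors directive; the function name and the sample headers are constructed for illustration.

```python
def framing_protection(headers):
    """Classify a response's anti-framing policy.

    headers: list of (name, value) tuples, since a response may repeat a header.
    Returns 'deny', 'sameorigin', 'allowlist', 'misconfigured' or 'unprotected'.
    """
    xfo_values, ancestors = set(), None
    for name, value in headers:
        name = name.strip().lower()
        if name == "x-frame-options":
            # Repeated headers are often folded into one comma-separated value.
            xfo_values.update(v.strip().upper() for v in value.split(",") if v.strip())
        elif name == "content-security-policy" and ancestors is None:
            # Simplification: only the first policy carrying frame-ancestors is read.
            for directive in value.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    ancestors = [t.lower() for t in tokens[1:]]
                    break
    if ancestors is not None:
        # Browsers that enforce frame-ancestors ignore X-Frame-Options.
        if not ancestors or ancestors == ["'none'"]:
            return "deny"
        if ancestors == ["'self'"]:
            return "sameorigin"
        return "unprotected" if "*" in ancestors else "allowlist"
    if not xfo_values:
        return "unprotected"
    if xfo_values == {"DENY"}:
        return "deny"
    if xfo_values == {"SAMEORIGIN"}:
        return "sameorigin"
    # ALLOW-FROM is obsolete; unknown or conflicting values are not a dependable policy.
    return "misconfigured"


# Constructed sample responses, not captured from any real site.
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "xfo deny": [("X-Frame-Options", "DENY")],
    "csp overrides xfo": [("X-Frame-Options", "DENY"),
                          ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "obsolete allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {framing_protection(hdrs)}")
```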