CVE-2023-38873
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
El commit 3730880 (abril de 2023) y v.0.9-beta1 de gugoan Economizzer es vulnerable al secuestro de clics. El secuestro de clics, también conocido como "UI redress attack", ocurre cuando un atacante usa múltiples capas transparentes u opacas para engañar a un usuario para que haga clic en un botón o enlace en otra página cuando tenía la intención de hacer clic en la página de nivel superior. Por lo tanto, el atacante está "secuestrando" los clics destinados a su página y enviándolos a otra página, probablemente propiedad de otra aplicación, dominio o ambos.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-07-25 CVE Reserved
- 2023-09-28 CVE Published
- 2024-09-23 CVE Updated
- 2024-09-23 First Exploit
- 2024-10-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/gugoan/economizzer | Product | |
https://www.economizzer.org | Product |
URL | Date | SRC |
---|---|---|
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38873 | 2024-09-23 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Economizzer Search vendor "Economizzer" | Economizzer Search vendor "Economizzer" for product "Economizzer" | 0.9 Search vendor "Economizzer" for product "Economizzer" and version "0.9" | beta1, wordpress |
Affected
| ||||||
Economizzer Search vendor "Economizzer" | Economizzer Search vendor "Economizzer" for product "Economizzer" | april_2023 Search vendor "Economizzer" for product "Economizzer" and version "april_2023" | wordpress |
Affected
|