Swapnil Bawaskar created GEODE-1532:
---------------------------------------
Summary: Pulse is vulnerable to clickjacking
Key: GEODE-1532
URL: https://issues.apache.org/jira/browse/GEODE-1532
Project: Geode
Issue Type: Bug
Components: pulse
Reporter: Swapnil Bawaskar
The Pulse application is vulnerable to clickjacking. An attacker could frame in
the web application and highjack a click, tricking a client into making an
unintentional transaction. Attackers exploit this vulnerability by loading
target pages in IFRAMEs but keeping them hidden, and then orienting the frame
so that a user click on the embedding page is routed to a UI control on the
embedded page. The attack will be hidden from the user and perpetrated without
the user’s knowledge.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
