Lack of Security Headers

Disclosed by
F_Robot
  • Engagement: 20 Minuten
  • Disclosed date: over 3 years ago
  • Priority: P5 (Bugcrowd's VRT priority rating)
  • Status: Informational (this vulnerability is seen as an accepted business risk)
Summary by F_Robot

X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks

Report details
  • Submitted

  • Target Location

    https://videoplayer.20min.ch
  • Target category

    Web App

  • VRT

    Server Security Misconfiguration > Lack of Security Headers > X-Frame-Options
  • Priority

    P5
  • Bug URL
    https://screenplayer.20min.ch/de/category/1?key=064189e2a35455d82f5c7fc7e49dd9ee&theme=dark
  • Description

    X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks

Activity
  1. Andy Customer published the disclosure report

  2. F_Robot requested disclosure

  3. Fatlum_bugcrowd changed the state to Informational

  4. Fatlum_bugcrowd sent a message

  5. F_Robot sent a message (edited)

  6. F_Robot created the submission