SecuritySpace - CVE-2021-3660

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2021-3660

Description: Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks. </td></tr> <tr><td class=std valign=top>Test IDs:</td><td class=std> <a href="catid.html?id=1.3.6.1.4.1.25623.1.1.2.2021.2797">1.3.6.1.4.1.25623.1.1.2.2021.2797</a>   <a href="catid.html?id=1.3.6.1.4.1.25623.1.1.10.2021.0467">1.3.6.1.4.1.25623.1.1.10.2021.0467</a>   <a href="catid.html?id=1.3.6.1.4.1.25623.1.0.818595">1.3.6.1.4.1.25623.1.0.818595</a>   </td></tr> <tr><td class=std valign=top>Cross References:</td><td class=std> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2021-3660">Common Vulnerability Exposure (CVE) ID: CVE-2021-3660</a><br> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1980688">https://bugzilla.redhat.com/show_bug.cgi?id=1980688</a><br> <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1980688">https://bugzilla.redhat.com/show_bug.cgi?id=1980688</a><br> <a href="https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10">https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10</a><br> <a href="https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10">https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10</a><br> <a href="https://github.com/cockpit-project/cockpit/issues/16122">https://github.com/cockpit-project/cockpit/issues/16122</a><br> <a href="https://github.com/cockpit-project/cockpit/issues/16122">https://github.com/cockpit-project/cockpit/issues/16122</a><br> </td></tr> </table><P><P> <br> </div> </div> <br> <hr> <P> <center><div class=xsmall>© 1998-2025 E-Soft Inc. All rights reserved.</div></center> <p> <div id=footer><script>oHelpGlobals.state = ""; </script> <div class=hide id=hsqhelptitle></div> <div class=hide id=hsqhelptext><div class=std></div></div> </div></body> </html>