Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sunshine clickjacking in the UI leads to unauthorized actions being performed
Vulnerability Description
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. If a user is tricked into interacting (one or multiple clicks) with the malicious page while authenticated, they may unknowingly perform actions within the Sunshine application without their consent. This issue has been patched in version 2025.628.4510.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Vulnerability Type
不当限制渲染UI层或帧
Vulnerability Title
Sunshine 安全漏洞
Vulnerability Description
Sunshine是LizardByte开源的一个 Moonlight 的自助游戏流主机。 Sunshine 2025.628.4510之前版本存在安全漏洞,该漏洞源于web UI缺少点击劫持保护,可能导致未经授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A