Vulnerability Information
Vulnerability Title
Dokploy has a clickjacking vulnerability - Missing X-Frame-Options and CSP frame-ancestors headers
Vulnerability Description
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into performing unintended actions. Version 0.26.6 patches the issue.
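A defender can confirm whether a given deployment's responses carry the headers this advisory names. The following is an added example, not Dokploy's code or its patch: the function names and the sample responses are assumptions made for illustration, and it classifies one response's `X-Frame-Options` and CSP `frame-ancestors` values the way current browsers apply them.

```javascript
// Added example: classify the anti-framing headers of one HTTP response.
// `headers` maps lowercased header names to string values (the shape of
// Node's res.headers); repeated header instances arrive comma-joined.

// One source list per enforced policy that carries frame-ancestors.
function frameAncestorLists(csp) {
  return csp.split(",").map((policy) => {
    const directive = policy
      .split(";")
      .map((d) => d.trim().split(/\s+/))
      .find((tokens) => tokens[0].toLowerCase() === "frame-ancestors");
    return directive ? directive.slice(1).map((s) => s.toLowerCase()) : null;
  }).filter((list) => list !== null);
}

// "*" or a bare scheme such as "https:" lets any origin frame the page.
function allowsAnyOrigin(sources) {
  return sources.some((s) => s === "*" || /^[a-z][a-z0-9+.-]*:$/.test(s));
}

function framingProtection(headers) {
  // Content-Security-Policy-Report-Only is not read: it blocks nothing.
  const lists = frameAncestorLists(headers["content-security-policy"] || "");
  if (lists.length > 0) {
    // An enforced frame-ancestors takes precedence over X-Frame-Options;
    // with several policies, every one must allow the embedding origin.
    const restricted = lists.some((l) => !allowsAnyOrigin(l));
    return { protected: restricted, via: "frame-ancestors" };
  }
  const xfo = (headers["x-frame-options"] || "")
    .split(",").map((v) => v.trim().toLowerCase()).filter(Boolean);
  // ALLOW-FROM is obsolete and ignored by current browsers.
  const effective = xfo.length > 0 &&
    xfo.every((v) => v === "deny" || v === "sameorigin");
  return { protected: effective, via: effective ? "x-frame-options" : null };
}

// Constructed sample responses, not captured from a real Dokploy instance.
const samples = {
  noHeaders: {},
  legacyOnly: { "x-frame-options": "SAMEORIGIN" },
  cspNone: { "content-security-policy": "default-src 'self'; frame-ancestors 'none'" },
  cspWildcard: { "content-security-policy": "frame-ancestors *", "x-frame-options": "DENY" },
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(name, framingProtection(headers));
}
```

The `cspWildcard` sample reports as unprotected even though `X-Frame-Options: DENY` is present, because an enforced `frame-ancestors` directive overrides the legacy header in browsers that support it.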
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Vulnerability Type
Improper Restriction of Rendered UI Layers or Frames
Vulnerability Title
Dokploy security vulnerability
Vulnerability Description
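Dokploy is an open-source software product from Dokploy. Dokploy versions prior to 0.26.6 contain a security vulnerability caused by missing frame-busting headers, which may lead to clickjacking attacks.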
CVSS Information
N/A
Vulnerability Type
N/A