MEDIUM🇬🇧 English

CVE-2025-49192

CVSS 4.3v3.1pub. 2025-06-12upd. 2026-02-06

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of their computer while clicking on seemingly innocuous objects.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  • Sick Field Analytics

    APP
    Sick
    wszystkie wersje
  • Sick Media Server

    APP
    Sick
    < 1.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-49181HIGH8.6ten sam produkt

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensi...

CVE-2025-49183HIGH7.5ten sam produkt

All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between a...

CVE-2025-49184HIGH7.5ten sam produkt

A remote unauthorized attacker may gather sensitive information of the application, due to missing authorizati...

CVE-2025-49182HIGH7.5ten sam produkt

Files in the source code contain login credentials for the admin user and the property configuration password,...

CVE-2025-49194HIGH7.5ten sam produkt

The server supports authentication methods in which credentials are sent in plaintext over unencrypted channel...