What the vulnerability does

01Description

The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.

Key dates

02Disclosure timeline

December 8, 2022 CVE published
April 23, 2025 Record updated