Vulnerabilities > CVE-2019-12880 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Bcnquark Quarking Password Manager 3.1.84

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

bcnquark

CWE-1021

NVD

Published: 2019-06-24

Updated: 2020-08-24

Summary

BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm.

Vulnerable Configurations

Part	Description	Count
Application	Bcnquark Bcnquark Quarking Password Manager 3.1.84	1

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

References

https://chrome.google.com/webstore/detail/quarking-password-manager/gfkmpfajamepgekgohcdnjogmeamcdmm?hl=en
http://seclists.org/fulldisclosure/2019/Jun/31
http://packetstormsecurity.com/files/153405/Quarking-Password-Manager-3.1.84-Clickjacking.html