DIFY Clickjacking Vulnerability

Vulnerability

A clickjacking vulnerability has been identified in the DIFY application prior to version 1.3.0. The application is served without a framing restriction, so a page on any other origin can embed it in a frame or iframe, cover it with decoy content and trick a logged-in user into clicking DIFY controls without realizing it, potentially leading to unauthorized actions that compromise user security and privacy.

Impact

Successful exploitation can result in actions being performed on behalf of the victim, such as changing user settings, disclosing sensitive personal information, or compromising user accounts or sessions. The attack requires the victim to be authenticated to DIFY in the same browser and to be lured to the attacker's page while that session is active; the attacker can only trigger actions reachable by clicks on the framed interface.

Reproduction

To reproduce, load the DIFY application in a web browser and inspect the response headers for the application's HTML: the response carries no X-Frame-Options header, and nothing else (such as a Content-Security-Policy frame-ancestors directive) restricts framing. Because framing is unrestricted, a page hosted on a different origin can embed the application in a frame or iframe, overlay it with decoy content and trick users into clicking on elements without their knowledge.

Remediation

Users are advised to update to DIFY version 1.3.0 or later, and to configure the web server or reverse proxy in front of the application to send an X-Frame-Options header (DENY, or SAMEORIGIN if the application legitimately frames itself) together with a Content-Security-Policy frame-ancestors directive, which current browsers honour in preference to X-Frame-Options when both are present. After deploying the change, reload the application and confirm that the headers appear on the HTML responses, not only on static assets.
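As an added example (not part of this advisory and not code from the DIFY project), the following Python helper performs the check that underlies both the reproduction and the remediation verification above: it decides from a response's headers whether a page on another origin may frame it, mirroring browser precedence between Content-Security-Policy frame-ancestors and X-Frame-Options, and it builds a minimal framing test page of the kind used to demonstrate clickjacking. The host name dify.example and both header sets are constructed assumptions, not captured DIFY responses.

```python
"""Clickjacking pre-condition check: can a page on another origin frame this
response?  Also builds a minimal framing test page.  Added example; the header
sets and host names below are constructed, not captured from a DIFY deployment."""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit
from urllib.request import Request, urlopen


@dataclass
class FramingVerdict:
    frameable_cross_origin: bool
    reason: str


def _csp_directives(csp: str) -> dict[str, list[str]]:
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    out: dict[str, list[str]] = {}
    for part in csp.split(";"):
        tokens = part.strip().split()
        if tokens:
            out[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return out


def assess_framing(headers: dict[str, str], page_origin: str) -> FramingVerdict:
    """Decide whether a response with these headers can be framed cross-origin.

    Browser behaviour modelled here: a CSP frame-ancestors directive, when
    present, takes precedence over X-Frame-Options; with neither header, any
    origin may frame the page.  Header names are matched case-insensitively.
    """
    h = {k.lower(): v for k, v in headers.items()}
    origin = page_origin.lower()

    csp = h.get("content-security-policy", "")
    ancestors = _csp_directives(csp).get("frame-ancestors") if csp else None
    if ancestors is not None:
        if not ancestors or ancestors == ["'none'"]:
            return FramingVerdict(False, "CSP frame-ancestors forbids all framing")
        if all(src in ("'self'", origin) for src in ancestors):
            return FramingVerdict(False, f"CSP frame-ancestors limited to own origin: {ancestors}")
        return FramingVerdict(True, f"CSP frame-ancestors admits other origins: {ancestors}")

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return FramingVerdict(False, f"X-Frame-Options {xfo}")
    if xfo:
        # ALLOW-FROM and any other value is not recognised by current browsers,
        # which then behave as if the header were absent.
        return FramingVerdict(True, f"X-Frame-Options value not enforced: {xfo!r}")
    return FramingVerdict(True, "no X-Frame-Options and no CSP frame-ancestors")


def assess_url(url: str, timeout: float = 10.0) -> FramingVerdict:
    """Fetch url (network access required) and assess its response headers."""
    req = Request(url, headers={"User-Agent": "framing-check/1.0"})
    with urlopen(req, timeout=timeout) as resp:
        headers = dict(resp.headers.items())
    parts = urlsplit(url)
    return assess_framing(headers, f"{parts.scheme}://{parts.netloc}")


def framing_poc_html(target_url: str, opacity: float = 0.3) -> str:
    """Build a framing test page: a decoy button beneath a semi-transparent
    iframe of target_url.  Serve it from an origin other than the target's;
    if the target UI renders inside the frame, the target is frameable.
    Lower opacity towards 0 to see how the overlay hides the real control."""
    return f"""<!doctype html>
<meta charset="utf-8">
<title>framing test</title>
<style>
  #decoy  {{ position: absolute; top: 300px; left: 400px; padding: 16px; font-size: 22px; }}
  #target {{ position: absolute; top: 0; left: 0; width: 1200px; height: 800px;
             border: 0; opacity: {opacity}; z-index: 2; }}
</style>
<button id="decoy">Click to continue</button>
<iframe id="target" src="{target_url}"></iframe>
"""


# Constructed sample responses (assumed host name; not captured from DIFY).
ORIGIN = "https://dify.example"
VULNERABLE_HEADERS = {"Content-Type": "text/html; charset=utf-8", "Server": "nginx"}
FIXED_HEADERS = {
    **VULNERABLE_HEADERS,
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}

if __name__ == "__main__":
    for label, hdrs in (("before fix", VULNERABLE_HEADERS), ("after fix", FIXED_HEADERS)):
        v = assess_framing(hdrs, ORIGIN)
        print(f"{label}: frameable cross-origin = {v.frameable_cross_origin} ({v.reason})")
    print(framing_poc_html(ORIGIN + "/apps"))
```

Run `assess_url("https://your-dify-host/")` against a deployment you are authorised to test; a verdict of frameable before the upgrade and not frameable afterwards confirms the remediation. The test page returned by `framing_poc_html` must be served from a different origin than the target, otherwise a SAMEORIGIN policy would let it load and give a false impression of exposure.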

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 5.8
remediation: 8.3
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.