5/10
vulnerability
WhatsApp's web client was vulnerable to clickjacking attacks because it lacked an X-Frame-Options header and iframe-busting techniques, allowing attackers to trick users into sending messages, creating groups, or making calls on their behalf. The vulnerability was reported to Facebook in January 2015 and subsequently fixed with an X-Frame-Options: Deny header.
clickjacking
ui-redress-attack
web-client
whatsapp
x-frame-options
iframe-busting
client-side-vulnerability
authentication-bypass
WhatsApp
Facebook
Telegram
Mohamed A. Baset
Seekurity
Brian Acton
Jan Koum