The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.

Affected Packages

Packagist gugoan/economizzer

Affected versions: 0 (last affected: 0.9-beta1)

Related CVEs

CVE-2023-38873

Key Information

GHSA ID

GHSA-gc95-5mmp-mp6j

Published

September 28, 2023 6:30 AM

Last Modified

October 2, 2023 9:34 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

gugoan/economizzer

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 31, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.