Commit

Removed hyphen from clickjacking
RRudder committed Nov 27, 2023
1 parent a50272f commit 1e4fada
Showing 5 changed files with 6 additions and 6 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

A lack of the HTTP response header for Content Security Policy (CSP) can lead to sensitive user data being retrieved by an attacker and increases the attack surface for Cross-Site Scripting (XSS) and click-jacking attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Content-Security-Policy` security header allows admins to permissively control the types of resources allowed to load for a page.
A lack of the HTTP response header for Content Security Policy (CSP) can lead to sensitive user data being retrieved by an attacker and increases the attack surface for Cross-Site Scripting (XSS) and clickjacking attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Content-Security-Policy` security header allows admins to permissively control the types of resources allowed to load for a page.

An advanced attacker can leverage a missing `Content-Security-Policy` header to launch XSS attacks and execute malicious code in a user’s browser.

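Review bot: the edited line still says the `Content-Security-Policy` header lets admins "permissively control the types of resources allowed to load", which inverts what the header does; CSP is an allow-list that restricts the sources a page may load from, so "restrict the sources from which resources may load for a page" would be accurate, and since the line is already being touched for the hyphen this is the moment to fix it. Because the sentence now ties CSP to clickjacking, naming the `frame-ancestors` directive (the CSP directive that actually controls framing) would make that link concrete for readers of the template.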
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

A lack of the HTTP response header for `Content-Security-Policy-Report-Only` can lead to sensitive user data being retrieved by an attacker through Cross-Site Scripting (XSS) and click-jacking attacks without being detected. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Content-Security-Policy-Report-Only` security header allows for a report to be generated each time the browser detects a violation from the Content Security Policy (CSP).
A lack of the HTTP response header for `Content-Security-Policy-Report-Only` can lead to sensitive user data being retrieved by an attacker through Cross-Site Scripting (XSS) and clickjacking attacks without being detected. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `Content-Security-Policy-Report-Only` security header allows for a report to be generated each time the browser detects a violation from the Content Security Policy (CSP).

An advanced attacker can leverage a missing `Content-Security-Policy-Report-Only` header to launch XSS attacks and execute malicious code in a user’s browser without detection.

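Review bot: the edited line keeps an overstatement: a missing `Content-Security-Policy-Report-Only` header does not by itself let an attacker retrieve data, because report-only mode never blocks anything; its absence only removes the violation reports that the last sentence of the paragraph describes. Suggest rewording the opening to something like "A lack of the `Content-Security-Policy-Report-Only` header means CSP violations, including XSS and clickjacking attempts, go unreported", which matches the "without being detected" qualifier already on the line.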
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

A lack of HTTP response security headers can lead to sensitive user data being retrieved by an attacker through Cross-Site Scripting (XSS), Machine-in-the-Middle (MitM), click-jacking, and some local network attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities.
A lack of HTTP response security headers can lead to sensitive user data being retrieved by an attacker through Cross-Site Scripting (XSS), Man-in-the-Middle (MitM), clickjacking, and some local network attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities.

An advanced attacker can leverage a missing security headers to bypass security controls of an application to execute code within a user's browser or capture data in transit.

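Review bot: this hunk also changes "Machine-in-the-Middle (MitM)" to "Man-in-the-Middle (MitM)", which is outside what the commit message ("Removed hyphen from clickjacking") describes; either extend the commit message or move the terminology change to its own commit so the history stays searchable. Separately, the unchanged context line "An advanced attacker can leverage a missing security headers" has a number-agreement error and should read "missing security headers" (or "a missing security header").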
Expand Up @@ -2,7 +2,7 @@

## Overview of the Vulnerability

A lack of the HTTP response header for `X-Content-Security-Policy` can lead to sensitive user data being retrieved by an attacker and increases the attack surface for Cross-Site Scripting (XSS) and click-jacking attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `X-Content-Security-Policy` security header allows admins to permissively control the types of resources allowed to load for a page.
A lack of the HTTP response header for `X-Content-Security-Policy` can lead to sensitive user data being retrieved by an attacker and increases the attack surface for Cross-Site Scripting (XSS) and clickjacking attacks. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `X-Content-Security-Policy` security header allows admins to permissively control the types of resources allowed to load for a page.

An advanced attacker can leverage a missing `X-Content-Security-Policy` header to launch XSS attacks and execute malicious code in a user’s browser.

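Review bot: apart from the header name, this text is identical to the `Content-Security-Policy` template in the earlier hunk, including the same "permissively control" wording that inverts what the header does (it restricts resource sources), so the same wording fix applies here. Since `X-Content-Security-Policy` is the legacy vendor-prefixed form of the header, a sentence stating that the standard `Content-Security-Policy` header is the one to set would stop readers treating the two templates as independent findings.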
Expand Up @@ -4,11 +4,11 @@

A lack of the HTTP response header for `X-Frame-Options` can lead to sensitive user data being retrieved by an attacker. There are multiple HTTP response headers used in communication between the server and client which can be implemented to improve security against well documented vulnerabilities. For example, the `X-Frame-Options` security header is used to instruct a browser whether it should or should not render an `<iframe>`, `<frame>`, `<embed>`, or `<object>` tag.

An advanced attacker can leverage a missing `X-Frame-Options` header to render an `<iframe>`, `<frame>`, `<embed>`, or `<object>` tag to bypass Same Origin Policy (SOP) and read data, or to exploit a click-jacking attack.
An advanced attacker can leverage a missing `X-Frame-Options` header to render an `<iframe>`, `<frame>`, `<embed>`, or `<object>` tag to bypass Same Origin Policy (SOP) and read data, or to exploit a clickjacking attack.

## Business Impact

Not having an `X-Frame-Options` header can lead to reputational damage and indirect financial loss to the business due to an advanced attacker’s ability to access data through a click-jacking attack, or via bypassing the SOP. The degree of impact is dependent on the sensitivity of data being transmitted over the wire and the sophistication of the attacker’s abilities.
Not having an `X-Frame-Options` header can lead to reputational damage and indirect financial loss to the business due to an advanced attacker’s ability to access data through a clickjacking attack, or via bypassing the SOP. The degree of impact is dependent on the sensitivity of data being transmitted over the wire and the sophistication of the attacker’s abilities.

## Steps to Reproduce

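Review bot: the edited line states that rendering the page in an `<iframe>` lets an attacker "bypass Same Origin Policy (SOP) and read data", but framing a cross-origin page does not give the framing document read access to its content; SOP still applies to the framed page. The risk that a missing `X-Frame-Options` header actually introduces is the clickjacking named at the end of the same sentence, so suggest dropping or narrowing the SOP clause, and adjusting the matching "via bypassing the SOP" phrase in the Business Impact line of this hunk so the two stay consistent.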

0 comments on commit 1e4fada
