Vulnerability Details CVE-2018-6909
A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2018-6909
-
cpe:2.3:a:rainmachine:rainmachine_web_application:-