  1. Geode
  2. GEODE-1532

Pulse is vulnerable to clickjacking

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.1.0
    • Component/s: pulse
    • Labels: None

    Description

      The Pulse application is vulnerable to clickjacking. An attacker could frame in the web application and hijack a click, tricking a client into making an unintentional transaction. Attackers exploit this vulnerability by loading target pages in IFRAMEs but keeping them hidden, and then orienting the frame so that a user click on the embedding page is routed to a UI control on the embedded page. The attack will be hidden from the user and perpetrated without the user’s knowledge.

          People

            jstewart Jared Stewart
            swapnil.bawaskar Swapnil Bawaskar