Report #27100

Report Date
December 20, 2023

Clickjacking Vulnerability on https://basin.exchange/

Report Info

Report ID


Report type

Websites and Applications

Has PoC?




  • Persistent content spoofing / text injection issues


Hello Team,

I hope you are doing well. I found another security issue on https://basin.exchange/. See the details below.

A clickjacking vulnerability has been identified on the https://basin.exchange/ platform. Clickjacking is a security vulnerability that allows an attacker to trick users into clicking on elements unknowingly, potentially leading to unintended actions being performed.


Clickjacking vulnerabilities can lead to unauthorized actions and potential data exposure. This poses a risk to the integrity and security of user interactions on the basin.exchange platform.


Implement measures to mitigate clickjacking vulnerabilities, such as adding the X-Frame-Options header to prevent the platform from being embedded within iframes or frames on malicious websites. Additionally, review and update the platform's frontend code to ensure that user interactions are properly validated and protected against clickjacking attacks.

Steps to Reproduce

  1. Open https://www.clickjackingtest.com/ (my own website for testing iframes)
  2. Enter the URL https://basin.exchange/ and click on submit

Observe that the web app https://basin.exchange/ is embedded in an iframe.
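
Added example, not part of the original report or of the Basin code base: one way to check a response for the anti-framing header the report recommends. It goes beyond the report's X-Frame-Options by also reading the CSP frame-ancestors directive, which current browsers give precedence. The function names and the header sets are constructed for illustration.

```javascript
// Classify who may frame a page, judging only by its response headers.
// Header names are lower case and repeated headers joined with ", ",
// as Node's http module delivers them (an assumption of this example).
const RANK = ['open', 'allowlist', 'same-origin', 'blocked']; // loosest first

function classifyFrameAncestors(sources) {
  if (sources.length === 0 || sources.join() === "'none'") return 'blocked';
  // "*" or a bare scheme such as "https:" admits arbitrary origins.
  if (sources.some(s => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) return 'open';
  return sources.every(s => s === "'self'") ? 'same-origin' : 'allowlist';
}

function framingPolicy(headers) {
  const verdicts = [];
  for (const policy of (headers['content-security-policy'] || '').split(',')) {
    // Within one policy only the first frame-ancestors directive counts.
    const fa = policy.split(';').map(d => d.trim().toLowerCase().split(/\s+/))
      .find(d => d[0] === 'frame-ancestors');
    if (fa) verdicts.push(classifyFrameAncestors(fa.slice(1)));
  }
  if (verdicts.length > 0) {
    // Every enforced policy must pass, so report the strictest class found.
    // Browsers ignore X-Frame-Options once frame-ancestors is present.
    verdicts.sort((a, b) => RANK.indexOf(b) - RANK.indexOf(a));
    return { verdict: verdicts[0], decidedBy: 'csp' };
  }
  const xfo = new Set((headers['x-frame-options'] || '').split(',')
    .map(v => v.trim().toLowerCase()).filter(Boolean));
  const known = ['deny', 'sameorigin', 'allowall'].some(v => xfo.has(v));
  // Several differing values: browsers block if any recognised one is present.
  if (xfo.size > 1) return { verdict: known ? 'blocked' : 'open', decidedBy: 'xfo' };
  if (xfo.has('deny')) return { verdict: 'blocked', decidedBy: 'xfo' };
  if (xfo.has('sameorigin')) return { verdict: 'same-origin', decidedBy: 'xfo' };
  // Absent or unrecognised (e.g. the obsolete ALLOW-FROM): no restriction.
  return { verdict: 'open', decidedBy: xfo.size ? 'xfo-ignored' : 'no-header' };
}

// Constructed sample header sets, not captured from any real site.
const samples = {
  unprotected: { 'content-type': 'text/html' },
  xfoDeny: { 'x-frame-options': 'DENY' },
  allowFrom: { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  cspWins: { 'x-frame-options': 'DENY',
    'content-security-policy': "default-src 'self'; frame-ancestors 'self'" },
  reportOnly: { 'content-security-policy-report-only': "frame-ancestors 'none'" },
};
for (const [name, h] of Object.entries(samples)) {
  console.log(name.padEnd(12), JSON.stringify(framingPolicy(h)));
}
```

A Content-Security-Policy-Report-Only header and a frame-ancestors directive delivered in a meta tag are not enforced by browsers, which is why the reportOnly sample is classified as open.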


BIC Response

This is not a valid bug report because the reported behavior is not considered content spoofing. The website is open source and anyone can deploy it at any domain, let alone embed the existing one into another site as an iframe.

Due to these reasons, we are closing the submission and no reward will be issued.