
Understanding ClickJacking Vulnerability

I have used Atlassian's clickjacking POC to explain.

1. The page https://www.atlassian.com/company/contact was vulnerable. The image posted below shows that I am able to load it in my localhost. Why is this a critical issue? Using this, an attacker can make a victim fill out random contact forms without the victim's knowledge. This will result in a bunch of unnecessary contact tickets for the support team who will be handling these tickets.

2. The link below is also not X-Frame protected and hence vulnerable to clickjacking: http://blogs.atlassian.com/ Impact: the victim, without any idea, can be subscribed to the news feeds and may doubt Atlassian's integrity and security measures.

3. The blog posts are also not X-Frame protected, so the attacker may lure the victim into posting random comments. URL: http://blogs.atlassian.com/2013/12/building-b...
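The fix the post points at is a framing restriction on the response: either an X-Frame-Options header (DENY or SAMEORIGIN) or a Content-Security-Policy frame-ancestors directive. The following is an added example, not code from the original post or from Atlassian, that classifies a response's headers the way a defender would when verifying the fix. The header sets in SAMPLES are constructed for the example and are not captured from any real site; the function name framing_protection is my own.

```python
"""Check whether a set of HTTP response headers restricts framing.

Added example (not from the original post). A response counts as protected
when it carries X-Frame-Options DENY/SAMEORIGIN, or a CSP frame-ancestors
directive that does not allow arbitrary origins.
"""
from typing import Dict, List, Mapping, Optional

# Values that make X-Frame-Options an effective defence.
SAFE_XFO = {"DENY", "SAMEORIGIN"}


def _frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def framing_protection(headers: Mapping[str, str]) -> Dict[str, object]:
    """Classify framing protection; returns {"protected": bool, "findings": [...]}."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings: List[str] = []
    protected = False

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in SAFE_XFO:
        protected = True
    elif xfo.startswith("ALLOW-FROM"):
        findings.append("X-Frame-Options ALLOW-FROM is obsolete; modern browsers ignore it")
    elif xfo:
        findings.append(f"unrecognised X-Frame-Options value: {xfo!r}")
    else:
        findings.append("X-Frame-Options header missing")

    ancestors = _frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors is None:
        findings.append("CSP frame-ancestors directive missing")
    elif any(src in ("*", "http:", "https:") for src in ancestors):
        findings.append(f"CSP frame-ancestors allows any origin: {' '.join(ancestors)}")
    else:
        protected = True  # 'none', 'self' or an explicit allow-list of origins

    return {"protected": protected, "findings": findings}


# Constructed sample responses for the example (not captured from any real site).
SAMPLES = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo_only": {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"},
    "csp_only": {
        "Content-Type": "text/html",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    },
    "csp_wildcard": {"Content-Security-Policy": "frame-ancestors *"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        result = framing_protection(hdrs)
        print(f"{name:13} protected={result['protected']} findings={result['findings']}")
```

The "unprotected" sample matches the situation the post describes: no X-Frame-Options and no frame-ancestors, so any origin can load the page in an iframe. In practice feed the function the headers from a live response (for example `requests.get(url).headers`) and treat `protected=False` as a finding to fix on the server, preferably by setting both headers so older and newer browsers are covered.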