CVE-2018-6909

A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt