Vulnerabilities (CVE)

Filtered by CWE-1021
Total 280 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-5020 2 Ibm, Linux 2 Spectrum Protect Plus, Linux Kernel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 193656.
CVE-2020-4785 1 Ibm 1 App Connect Enterprise Certified Container 2024-11-21 4.9 MEDIUM 5.4 MEDIUM
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219.
CVE-2020-4727 1 Ibm 1 Infosphere Information Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVE-2020-4644 1 Ibm 1 Planning Analytics Local 2024-11-21 5.8 MEDIUM 5.4 MEDIUM
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716.
CVE-2020-4547 1 Ibm 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.
CVE-2020-4406 3 Ibm, Linux, Microsoft 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.
CVE-2020-4322 1 Ibm 1 Security Secret Server 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511.
CVE-2020-4195 1 Ibm 1 Api Connect 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859.
CVE-2020-4165 2 Ibm, Linux 2 Security Guardium Insights, Linux Kernel 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174401.
CVE-2020-35735 1 Vidyo 1 Vidyo 2024-11-21 4.3 MEDIUM 4.7 MEDIUM
Vidyo 02-09-/D allows clickjacking via the portal/ URI.
CVE-2020-2105 1 Jenkins 1 Jenkins 2024-11-21 4.3 MEDIUM 5.4 MEDIUM
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.
CVE-2020-28218 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action.
CVE-2020-27059 1 Google 1 Android 2024-11-21 4.4 MEDIUM 7.8 HIGH
In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, 11; Android ID: A-159249069.
CVE-2020-26962 1 Mozilla 1 Firefox 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.
CVE-2020-26953 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
CVE-2020-24711 1 Getgophish 1 Gophish 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack
CVE-2020-1728 2 Quarkus, Redhat 2 Quarkus, Keycloak 2024-11-21 5.8 MEDIUM 4.8 MEDIUM
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.
CVE-2020-16033 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Inappropriate implementation in WebUSB in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2020-16032 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-16031 1 Google 1 Chrome 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Insufficient data validation in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.