Vulnerabilities (CVE)

Filtered by CWE-1021
Total 280 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-9942 1 Apple 2 Mac Os X, Safari 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.
CVE-2020-9517 1 Microfocus 1 Service Manager 2024-11-21 4.9 MEDIUM 5.4 MEDIUM
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.
CVE-2020-9444 1 Zulip 1 Zulip Server 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.
CVE-2020-7705 1 Mintegral 1 Mintegraladsdk 2024-11-21 5.8 MEDIUM 7.1 HIGH
This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads.
CVE-2020-7371 1 Raiseitsolutions 1 Rits Browser 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the RITS Browser version 3.3.9 and prior versions.
CVE-2020-6827 2 Google, Mozilla 2 Android, Firefox Esr 2024-11-21 4.3 MEDIUM 4.7 MEDIUM
When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.
CVE-2020-6547 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page.
CVE-2020-5679 1 Ec-cube 1 Ec-cube 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.
CVE-2020-5020 2 Ibm, Linux 2 Spectrum Protect Plus, Linux Kernel 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 193656.
CVE-2020-4785 1 Ibm 1 App Connect Enterprise Certified Container 2024-11-21 4.9 MEDIUM 5.4 MEDIUM
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219.
CVE-2020-4727 1 Ibm 1 Infosphere Information Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVE-2020-4644 1 Ibm 1 Planning Analytics Local 2024-11-21 5.8 MEDIUM 5.4 MEDIUM
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 185716.
CVE-2020-4547 1 Ibm 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.
CVE-2020-4406 3 Ibm, Linux, Microsoft 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.
CVE-2020-4322 1 Ibm 1 Security Secret Server 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511.
CVE-2020-4195 1 Ibm 1 Api Connect 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859.
CVE-2020-4165 2 Ibm, Linux 2 Security Guardium Insights, Linux Kernel 2024-11-21 3.5 LOW 5.4 MEDIUM
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174401.
CVE-2020-35735 1 Vidyo 1 Vidyo 2024-11-21 4.3 MEDIUM 4.7 MEDIUM
Vidyo 02-09-/D allows clickjacking via the portal/ URI.
CVE-2020-2105 1 Jenkins 1 Jenkins 2024-11-21 4.3 MEDIUM 5.4 MEDIUM
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.
CVE-2020-28218 1 Schneider-electric 2 Easergy T300, Easergy T300 Firmware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action.