Vulnerabilities (CVE)

Filtered by CWE-1021
Total 279 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0780 1 Agentejo 1 Cockpit 2024-02-28 N/A 5.4 MEDIUM
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.
CVE-2022-3034 1 Mozilla 1 Thunderbird 2024-02-28 N/A 4.3 MEDIUM
When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
CVE-2023-0057 2 Pyload, Pyload-ng Project 2 Pyload, Pyload-ng 2024-02-28 N/A 6.1 MEDIUM
Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.
CVE-2022-20214 1 Google 1 Android 2024-02-28 N/A 4.7 MEDIUM
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210
CVE-2022-32517 1 Schneider-electric 2 Conext Combox, Conext Combox Firmware 2024-02-28 N/A 6.5 MEDIUM
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conextâ„¢ ComBox (All Versions)
CVE-2022-45418 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-02-28 N/A 6.1 MEDIUM
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVE-2022-20213 1 Google 1 Android 2024-02-28 N/A 5.5 MEDIUM
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508
CVE-2022-32891 1 Apple 4 Iphone Os, Safari, Tvos and 1 more 2024-02-28 N/A 6.1 MEDIUM
The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.
CVE-2022-3260 1 Redhat 1 Openshift 2024-02-28 N/A 4.8 MEDIUM
The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.
CVE-2022-20215 1 Google 1 Android 2024-02-28 N/A 5.5 MEDIUM
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183794206
CVE-2022-45420 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-02-28 N/A 6.5 MEDIUM
Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVE-2022-20520 1 Google 1 Android 2024-02-28 N/A 7.8 HIGH
In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202
CVE-2022-46695 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-02-28 N/A 6.5 MEDIUM
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.
CVE-2023-20913 1 Google 1 Android 2024-02-28 N/A 7.8 HIGH
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785
CVE-2022-20226 1 Google 1 Android 2024-02-28 3.3 LOW 3.9 LOW
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213644870
CVE-2022-34162 1 Ibm 1 Cics Tx 2024-02-28 N/A 6.1 MEDIUM
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332.
CVE-2022-28889 1 Apache 1 Druid 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
CVE-2022-22503 1 Ibm 2 Robotic Process Automation, Robotic Process Automation As A Service 2024-02-28 N/A 6.1 MEDIUM
IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125.
CVE-2022-20212 1 Google 1 Android 2024-02-28 4.4 MEDIUM 7.8 HIGH
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-182282630
CVE-2022-42799 3 Apple, Debian, Fedoraproject 8 Ipados, Iphone Os, Macos and 5 more 2024-02-28 N/A 6.1 MEDIUM
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.