Vulnerabilities (CVE)

Filtered by CWE-1021
Total 279 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2734 1 Open-emr 1 Openemr 2024-02-28 N/A 5.4 MEDIUM
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-1138 1 Google 1 Chrome 2024-02-28 N/A 6.5 MEDIUM
Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-2179 1 Rockwellautomation 4 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 1 more 2024-02-28 N/A 6.5 MEDIUM
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
CVE-2022-20852 1 Cisco 1 Webex Meetings 2024-02-28 N/A 6.5 MEDIUM
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-33723 1 Google 1 Android 2024-02-28 N/A 6.1 MEDIUM
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
CVE-2022-2800 1 Gym Management System Project 1 Gym Management System 2024-02-28 N/A 6.1 MEDIUM
A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality. The manipulation leads to clickjacking. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206246 is the identifier assigned to this vulnerability.
CVE-2022-33727 1 Google 1 Android 2024-02-28 N/A 6.1 MEDIUM
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
CVE-2022-36182 1 Hashicorp 1 Boundary 2024-02-28 N/A 6.1 MEDIUM
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.
CVE-2022-20331 1 Google 1 Android 2024-02-28 N/A 7.8 HIGH
In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-181785557
CVE-2022-2965 1 Notrinos 1 Notrinoserp 2024-02-28 N/A 4.3 MEDIUM
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.
CVE-2022-3167 1 Ikus-soft 1 Rdiffweb 2024-02-28 N/A 8.8 HIGH
Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1.
CVE-2021-39038 1 Ibm 1 Websphere Application Server 2024-02-28 3.5 LOW 5.4 MEDIUM
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968.
CVE-2021-44683 1 Duckduckgo 1 Duckduckgo 2024-02-28 5.8 MEDIUM 8.2 HIGH
The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site.
CVE-2021-27773 1 Hcltech 1 Sametime 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
This vulnerability allows users to execute a clickjacking attack in the meeting's chat.
CVE-2021-3660 2 Cockpit-project, Redhat 2 Cockpit, Enterprise Linux 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.
CVE-2022-0455 1 Google 2 Android, Chrome 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-22807 1 Schneider-electric 14 Hmibscea53d1edb, Hmibscea53d1edb Firmware, Hmibscea53d1edl and 11 more 2024-02-28 4.3 MEDIUM 7.4 HIGH
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)
CVE-2017-20041 1 Ucweb 1 Uc Browser 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2021-39702 1 Google 1 Android 2024-02-28 9.3 HIGH 7.8 HIGH
In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-205150380
CVE-2022-27220 1 Siemens 1 Sinema Remote Connect Server 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.