Total
279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-29865 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091. | |||||
CVE-2022-1803 | 1 Trudesk Project | 1 Trudesk | 2024-02-28 | 4.9 MEDIUM | 6.9 MEDIUM |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
CVE-2021-39796 | 1 Google | 1 Android | 2024-02-28 | 6.9 MEDIUM | 7.3 HIGH |
In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205595291 | |||||
CVE-2021-39669 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-196969991 | |||||
CVE-2022-28649 | 1 Jetbrains | 1 Youtrack | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description | |||||
CVE-2022-27219 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. | |||||
CVE-2021-27414 | 1 Hitachienergy | 1 Ellipse Enterprise Asset Management | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. | |||||
CVE-2022-24733 | 1 Sylius | 1 Sylius | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from app should have an X-Frame-Options header set to: ``sameorigin``. To achieve that, add a new `subscriber` in the app. | |||||
CVE-2021-46708 | 1 Smartbear | 1 Swagger-ui-dist | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||
CVE-2021-41657 | 1 Smartbear | 1 Collaborator | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. | |||||
CVE-2021-39692 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209611539 | |||||
CVE-2022-0110 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2021-39691 | 1 Google | 1 Android | 2024-02-28 | 6.9 MEDIUM | 7.3 HIGH |
In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-157929241 | |||||
CVE-2021-3799 | 1 Getgrav | 1 Grav-plugin-admin | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames | |||||
CVE-2021-1036 | 1 Google | 1 Android | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-182812255 | |||||
CVE-2021-1038 | 1 Google | 1 Android | 2024-02-28 | 4.7 MEDIUM | 5.5 MEDIUM |
In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-183411279 | |||||
CVE-2021-34087 | 1 Ultimaker | 6 Ultimaker 3, Ultimaker 3 Firmware, Ultimaker S3 and 3 more | 2024-02-28 | 6.8 MEDIUM | 7.1 HIGH |
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page. | |||||
CVE-2021-40834 | 1 F-secure | 1 Safe | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack. | |||||
CVE-2021-38508 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
CVE-2021-38472 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-02-28 | 4.3 MEDIUM | 4.7 MEDIUM |
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes. |