Total
292 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40268 | 1 Mitsubishielectric | 5 Gt25, Gt25 Firmware, Gt27 and 2 more | 2023-02-09 | N/A | 4.7 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking. | |||||
| CVE-2022-32517 | 1 Schneider-electric | 2 Conext Combox, Conext Combox Firmware | 2023-02-07 | N/A | 6.5 MEDIUM |
| A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conextâ„¢ ComBox (All Versions) | |||||
| CVE-2019-4058 | 1 Ibm | 1 Bigfix Platform | 2023-02-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570. | |||||
| CVE-2023-0057 | 2 Pyload, Pyload-ng Project | 2 Pyload, Pyload-ng | 2023-01-11 | N/A | 6.1 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33. | |||||
| CVE-2020-9993 | 1 Apple | 4 Ipados, Iphone Os, Safari and 1 more | 2023-01-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2021-43546 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2021-38508 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2021-38506 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2019-4109 | 1 Ibm | 1 Websphere Extreme Scale | 2022-12-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102. | |||||
| CVE-2019-4086 | 1 Ibm | 1 Application Performance Management | 2022-12-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. | |||||
| CVE-2021-38509 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2022-22503 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation As A Service | 2022-11-08 | N/A | 6.1 MEDIUM |
| IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125. | |||||
| CVE-2021-41657 | 1 Smartbear | 1 Collaborator | 2022-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. | |||||
| CVE-2022-3167 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-14 | N/A | 8.8 HIGH |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. | |||||
| CVE-2020-13174 | 1 Teradici | 1 Pcoip Management Console | 2022-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking. | |||||
| CVE-2022-2965 | 1 Notrinos | 1 Notrinoserp | 2022-08-26 | N/A | 4.3 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7. | |||||
| CVE-2022-20331 | 1 Google | 1 Android | 2022-08-17 | N/A | 7.8 HIGH |
| In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-181785557 | |||||
| CVE-2022-2800 | 1 Gym Management System Project | 1 Gym Management System | 2022-08-16 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality. The manipulation leads to clickjacking. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206246 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-33727 | 1 Google | 1 Android | 2022-08-12 | N/A | 6.1 MEDIUM |
| A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. | |||||
| CVE-2022-33723 | 1 Google | 1 Android | 2022-08-12 | N/A | 6.1 MEDIUM |
| A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. | |||||