CVE-2024-29981
4.3MEDIUM
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
4/4/2024CWE-1021, CWE-1021
Тип уязвимости
CWE-1021
Все уязвимости CVE, классифицированные под этим типом уязвимости.
Посмотреть на MITRE CWEВсего CVE
50
Критические
0
В KEV
0
С эксплойтами
0
CVE-2022-46061
6.1MEDIUM
AeroCMS v0.0.1 is vulnerable to ClickJacking.
AeroCMS v0.0.1 is vulnerable to ClickJacking.
12/13/2022CWE-1021, CWE-1021
CVE-2022-3260
4.8MEDIUM
The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.
The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.
12/8/2022CWE-1021, CWE-1021 +1
CVE-2021-3734
8.8HIGH
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames
8/26/2021CWE-1021, CWE-352 +1
CVE-2021-3799
5.4MEDIUM
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames
9/27/2021CWE-1021, CWE-1021
CVE-2020-28218
6.5MEDIUM
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintend
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintend...
12/11/2020CWE-1021
CVE-2022-1803
6.9MEDIUM
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.
5/20/2022CWE-1021, CWE-1021
CVE-2022-32517
6.5MEDIUM
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an uninte
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an uninte...
1/30/2023CWE-1021
CVE-2022-28649
4.6MEDIUM
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
4/5/2022CWE-1021, CWE-1021
CVE-2022-22807
7.4HIGH
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use t
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use t...
2/9/2022CWE-1021, CWE-1021
CVE-2024-2613
7.5HIGH
Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124.
Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124.
3/19/2024CWE-1021, CWE-1021
CVE-2022-43378
6.5MEDIUM
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are...
4/18/2023CWE-1021
CVE-2023-7013
4.7MEDIUM
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Me
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Me...
7/16/2024CWE-1021, CWE-1021
CVE-2025-1019
4.3MEDIUM
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 ...
2/4/2025CWE-1021, CWE-1021
CVE-2025-1018
5.3MEDIUM
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects...
2/4/2025CWE-1021, CWE-1021
CVE-2022-36182
6.1MEDIUM
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions o
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions o...
10/27/2022CWE-1021, CWE-1021
CVE-2022-33727
4.8MEDIUM
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
8/5/2022CWE-1021, CWE-1021
CVE-2022-33723
4.8MEDIUM
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
8/5/2022CWE-1021, CWE-1021
CVE-2022-28889
4.3MEDIUM
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
7/7/2022CWE-1021, CWE-1021
CVE-2022-22552
6.9MEDIUM
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing ...
1/21/2022CWE-1021, CWE-1021
CVE-2024-26167
4.3MEDIUM
Microsoft Edge for Android Spoofing Vulnerability
Microsoft Edge for Android Spoofing Vulnerability
3/7/2024CWE-1021
CVE-2019-15930
4.3MEDIUM
Intesync Solismed 3.3sp allows Clickjacking.
Intesync Solismed 3.3sp allows Clickjacking.
12/12/2019CWE-1021
CVE-2022-2179
6.5MEDIUM
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
7/20/2022CWE-1021, CWE-1021
CVE-2024-57369
6.4MEDIUM
Clickjacking vulnerability in typecho v1.2.1.
Clickjacking vulnerability in typecho v1.2.1.
1/17/2025CWE-1021
CVE-2019-17131
4.3MEDIUM
vBulletin before 5.5.4 allows clickjacking.
vBulletin before 5.5.4 allows clickjacking.
10/4/2019CWE-1021
CVE-2023-5103
4.3MEDIUM
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an ac
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an ac...
10/9/2023CWE-1021, CWE-1021
CVE-2022-32919
4.7MEDIUM
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing.
1/10/2024CWE-1021, CWE-1021
CVE-2022-29911
6.1MEDIUM
An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. This
An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. This ...
12/22/2022CWE-1021, CWE-1021
CVE-2022-28286
5.4MEDIUM
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefo
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefo...
12/22/2022CWE-1021, CWE-1021
CVE-2021-3731
5.9MEDIUM
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.
8/23/2021CWE-1021, CWE-1021
CVE-2025-48597
7.8HIGH
In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execu
In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execu...
12/8/2025CWE-1021, CWE-1021
CVE-2024-49796
5.4MEDIUM
IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to
IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to ...
2/6/2025CWE-1021, CWE-1021
CVE-2024-40817
6.1MEDIUM
The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content
The issue was addressed with improved UI handling. This issue is fixed in macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visiting a website that frames malicious content ...
7/29/2024CWE-1021, CWE-1021
CVE-2023-4229
4.3MEDIUM
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to tri
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to tri...
8/24/2023CWE-1021, CWE-1021
CVE-2022-20215
5.5MEDIUM
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges...
1/26/2023CWE-1021, CWE-1021
CVE-2022-20214
4.7MEDIUM
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user conse
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user conse...
1/26/2023CWE-1021, CWE-1021
CVE-2022-20213
5.5MEDIUM
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges ne
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges ne...
1/26/2023CWE-1021, CWE-1021
CVE-2022-45420
6.5MEDIUM
Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulne
Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulne...
12/22/2022CWE-1021, CWE-1021
CVE-2022-45418
6.1MEDIUM
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerab
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerab...
12/22/2022CWE-1021, CWE-1021
CVE-2022-3034
4.3MEDIUM
When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document.
When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. ...
12/22/2022CWE-1021, CWE-1021
CVE-2022-20553
6.5MEDIUM
In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execu
In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execu...
12/16/2022CWE-1021, CWE-1021
CVE-2022-20852
5.4MEDIUM
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web...
8/10/2022CWE-1021, CWE-1021
CVE-2021-3660
4.3MEDIUM
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used...
3/10/2022CWE-1021, CWE-1021
CVE-2020-13174
6.1MEDIUM
The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicio
The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicio...
8/11/2020CWE-1021, CWE-1021
CVE-2020-35735
4.7MEDIUM
Vidyo 02-09-/D allows clickjacking via the portal/ URI.
Vidyo 02-09-/D allows clickjacking via the portal/ URI.
12/29/2020CWE-1021
CVE-2025-28129
5.4MEDIUM
Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking.
Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking.
10/6/2025CWE-1021
CVE-2019-16175
4.3MEDIUM
A clickjacking vulnerability was found in Limesurvey before 3.17.14.
A clickjacking vulnerability was found in Limesurvey before 3.17.14.
9/9/2019CWE-1021
CVE-2024-9397
6.1MEDIUM
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 12
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 12...
10/1/2024CWE-1021, CWE-1021
CVE-2024-31324
7.3HIGH
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to...
7/9/2024CWE-1021, CWE-1021
CVE-2024-1550
6.1MEDIUM
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion...
2/20/2024CWE-1021, CWE-1021
Показано 50 из many CVE