Total
213 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3639 | 1 Mcafee | 1 Web Gateway | 2020-08-24 | 5.8 MEDIUM | 7.1 HIGH |
| Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header. | |||||
| CVE-2019-2125 | 1 Google | 1 Android | 2020-08-24 | 4.4 MEDIUM | 7.3 HIGH |
| In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132275252. | |||||
| CVE-2013-5614 | 7 Canonical, Fedoraproject, Mozilla and 4 more | 16 Ubuntu Linux, Fedora, Firefox and 13 more | 2020-08-21 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. | |||||
| CVE-2014-1480 | 5 Canonical, Mozilla, Opensuse and 2 more | 8 Ubuntu Linux, Firefox, Seamonkey and 5 more | 2020-08-21 | 4.3 MEDIUM | N/A |
| The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. | |||||
| CVE-2020-15648 | 1 Mozilla | 2 Firefox, Thunderbird | 2020-08-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. | |||||
| CVE-2019-4323 | 1 Hcltech | 1 Appscan | 2020-07-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| "HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." | |||||
| CVE-2020-4322 | 1 Ibm | 1 Security Secret Server | 2020-06-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511. | |||||
| CVE-2020-4406 | 3 Ibm, Linux, Microsoft | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2020-06-18 | 3.5 LOW | 5.4 MEDIUM |
| IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488. | |||||
| CVE-2020-4195 | 1 Ibm | 1 Api Connect | 2020-05-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859. | |||||
| CVE-2020-6827 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2020-05-01 | 4.3 MEDIUM | 4.7 MEDIUM |
| When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7. | |||||
| CVE-2020-9444 | 1 Zulip | 1 Zulip Server | 2020-04-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality. | |||||
| CVE-2019-19001 | 1 Abb | 1 Esoms | 2020-04-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. | |||||
| CVE-2020-2105 | 1 Jenkins | 1 Jenkins | 2020-03-16 | 4.3 MEDIUM | 5.4 MEDIUM |
| REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. | |||||
| CVE-2015-5686 | 1 Puppet | 1 Puppet Enterprise | 2020-03-02 | 6.8 MEDIUM | 8.8 HIGH |
| Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session. | |||||
| CVE-2013-5594 | 1 Mozilla | 1 Firefox | 2020-02-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding | |||||
| CVE-2020-0014 | 1 Google | 1 Android | 2020-02-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-128674520 | |||||
| CVE-2016-5710 | 1 Netapp | 1 Snap Creator Framework | 2020-02-13 | 3.5 LOW | 4.6 MEDIUM |
| NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2013-2675 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2020-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2013-2682 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information. | |||||
| CVE-2019-4548 | 1 Ibm | 1 Security Directory Server | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950. | |||||