Total
213 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27219 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. | |||||
| CVE-2017-20041 | 1 Ucweb | 1 Uc Browser | 2022-06-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-9942 | 1 Apple | 2 Mac Os X, Safari | 2022-06-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2020-9945 | 1 Apple | 2 Mac Os X, Safari | 2022-06-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2021-46708 | 1 Smartbear | 1 Swagger Ui | 2022-06-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||
| CVE-2022-1803 | 1 Trudesk Project | 1 Trudesk | 2022-06-01 | 4.9 MEDIUM | 6.9 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
| CVE-2021-23976 | 1 Mozilla | 1 Firefox | 2022-05-27 | 5.8 MEDIUM | 8.1 HIGH |
| When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. | |||||
| CVE-2021-27773 | 1 Hcltech | 1 Sametime | 2022-05-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| This vulnerability allows users to execute a clickjacking attack in the meeting's chat. | |||||
| CVE-2021-39796 | 1 Google | 1 Android | 2022-04-20 | 6.9 MEDIUM | 7.3 HIGH |
| In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205595291 | |||||
| CVE-2022-28649 | 1 Jetbrains | 1 Youtrack | 2022-04-18 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description | |||||
| CVE-2021-44683 | 1 Duckduckgo | 1 Duckduckgo | 2022-03-31 | 5.8 MEDIUM | 8.2 HIGH |
| The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site. | |||||
| CVE-2021-37971 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-03-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2021-39692 | 1 Google | 1 Android | 2022-03-23 | 9.3 HIGH | 7.8 HIGH |
| In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209611539 | |||||
| CVE-2021-39702 | 1 Google | 1 Android | 2022-03-23 | 9.3 HIGH | 7.8 HIGH |
| In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-205150380 | |||||
| CVE-2022-24733 | 1 Sylius | 1 Sylius | 2022-03-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from app should have an X-Frame-Options header set to: ``sameorigin``. To achieve that, add a new `subscriber` in the app. | |||||
| CVE-2021-27414 | 1 Abb | 1 Ellipse Enterprise Asset Management | 2022-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. | |||||
| CVE-2021-39038 | 1 Ibm | 1 Websphere Application Server | 2022-03-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968. | |||||
| CVE-2008-2716 | 1 Opera | 1 Opera Browser | 2022-03-01 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks. | |||||
| CVE-2011-1244 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2022-02-28 | 5.8 MEDIUM | N/A |
| Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." | |||||
| CVE-2005-2407 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.1 MEDIUM | N/A |
| A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking". | |||||