Total: 270 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-18496 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2020-08-24 | N/A |
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.* This vulnerability affects Firefox < 64. | ||||
CVE-2018-1803 | 1 Ibm | 1 Security Access Manager | 2020-08-24 | N/A |
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702. | ||||
CVE-2018-17192 | 1 Apache | 1 Nifi | 2020-08-24 | N/A |
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | ||||
CVE-2013-5614 | 7 Canonical, Fedoraproject, Mozilla and 4 more | 16 Ubuntu Linux, Fedora, Firefox and 13 more | 2020-08-21 | N/A |
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site. | ||||
CVE-2014-1480 | 5 Canonical, Mozilla, Opensuse and 2 more | 8 Ubuntu Linux, Firefox, Seamonkey and 5 more | 2020-08-21 | N/A |
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. | ||||
CVE-2020-15648 | 1 Mozilla | 2 Firefox, Thunderbird | 2020-08-12 | 6.5 Medium |
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. | ||||
CVE-2019-4323 | 1 Hcltech | 1 Appscan | 2020-07-23 | 4.3 Medium |
HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame. | ||||
CVE-2020-4322 | 1 Ibm | 1 Security Secret Server | 2020-06-29 | 4.3 Medium |
IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511. | ||||
CVE-2020-4406 | 3 Ibm, Linux, Microsoft | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2020-06-18 | 5.4 Medium |
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488. | ||||
CVE-2020-4195 | 1 Ibm | 1 Api Connect | 2020-05-12 | 5.4 Medium |
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859. | ||||
CVE-2020-6827 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2020-05-01 | 4.7 Medium |
When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 68.7. | ||||
CVE-2020-9444 | 1 Zulip | 1 Zulip Server | 2020-04-28 | 6.1 Medium |
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality. | ||||
CVE-2015-5686 | 1 Puppet | 1 Puppet Enterprise | 2020-03-02 | 8.8 High |
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session. | ||||
CVE-2013-5594 | 1 Mozilla | 1 Firefox | 2020-02-28 | 4.3 Medium |
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding | ||||
CVE-2020-0014 | 1 Google | 1 Android | 2020-02-19 | 5.5 Medium |
It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-128674520 | ||||
CVE-2016-5710 | 1 Netapp | 1 Snap Creator Framework | 2020-02-13 | 4.6 Medium |
NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | ||||
CVE-2013-2675 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2020-02-11 | 6.5 Medium |
Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information. | ||||
CVE-2013-2682 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 4.3 Medium |
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information. | ||||
CVE-2019-4548 | 1 Ibm | 1 Security Directory Server | 2020-02-05 | 6.1 Medium |
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950. | ||||
CVE-2013-6772 | 1 Splunk | 1 Splunk | 2020-01-27 | 4.3 Medium |
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking |