Total
270 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3260 | 1 Redhat | 1 Openshift | 2022-12-12 | 4.8 Medium |
| The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. | ||||
| CVE-2021-43546 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 4.3 Medium |
| It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-38508 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 4.3 Medium |
| By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | ||||
| CVE-2021-38506 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 4.3 Medium |
| Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | ||||
| CVE-2019-4109 | 1 Ibm | 1 Websphere Extreme Scale | 2022-12-09 | 6.1 Medium |
| IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102. | ||||
| CVE-2019-4086 | 1 Ibm | 1 Application Performance Management | 2022-12-09 | 6.1 Medium |
| IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. | ||||
| CVE-2021-38509 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 4.3 Medium |
| Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | ||||
| CVE-2022-22503 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation As A Service | 2022-11-08 | 6.1 Medium |
| IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125. | ||||
| CVE-2022-36182 | 1 Hashicorp | 1 Boundary | 2022-10-31 | 6.1 Medium |
| Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site. | ||||
| CVE-2021-41657 | 1 Smartbear | 1 Collaborator | 2022-10-07 | 6.1 Medium |
| SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. | ||||
| CVE-2018-7491 | 1 Prestashop | 1 Prestashop | 2022-10-03 | N/A |
| In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors' values. | ||||
| CVE-2022-3167 | 1 Ikus-soft | 1 Rdiffweb | 2022-09-14 | 8.8 High |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. | ||||
| CVE-2020-13174 | 1 Teradici | 1 Pcoip Management Console | 2022-09-02 | 6.1 Medium |
| The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking. | ||||
| CVE-2022-2965 | 1 Notrinos | 1 Notrinoserp | 2022-08-26 | 4.3 Medium |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7. | ||||
| CVE-2022-20331 | 1 Google | 1 Android | 2022-08-17 | 7.8 High |
| In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-181785557 | ||||
| CVE-2022-2800 | 1 Gym Management System Project | 1 Gym Management System | 2022-08-16 | 6.1 Medium |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality. The manipulation leads to clickjacking. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206246 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-33727 | 1 Google | 1 Android | 2022-08-12 | 6.1 Medium |
| A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. | ||||
| CVE-2022-33723 | 1 Google | 1 Android | 2022-08-12 | 6.1 Medium |
| A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. | ||||
| CVE-2022-2734 | 1 Open-emr | 1 Openemr | 2022-08-12 | 5.4 Medium |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1. | ||||
| CVE-2022-34162 | 1 Ibm | 1 Cics Tx | 2022-08-06 | 6.1 Medium |
| IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332. | ||||