Vulnerabilities (CVE)

Filtered by CWE-1021
Total 318 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22503 1 Ibm 2 Robotic Process Automation, Robotic Process Automation As A Service 2024-11-21 N/A 6.1 MEDIUM
IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125.
CVE-2022-20852 1 Cisco 1 Webex Meetings 2024-11-21 N/A 5.4 MEDIUM
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-20443 1 Google 1 Android 2024-11-21 N/A 7.8 HIGH
In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-194480991
CVE-2022-20331 1 Google 1 Android 2024-11-21 N/A 7.8 HIGH
In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-181785557
CVE-2022-20226 1 Google 1 Android 2024-11-21 3.3 LOW 3.9 LOW
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-213644870
CVE-2022-20212 1 Google 1 Android 2024-11-21 4.4 MEDIUM 7.8 HIGH
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-182282630
CVE-2022-1803 1 Trudesk Project 1 Trudesk 2024-11-21 4.9 MEDIUM 6.9 MEDIUM
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.
CVE-2022-1138 1 Google 1 Chrome 2024-11-21 N/A 6.5 MEDIUM
Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0455 1 Google 2 Android, Chrome 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0110 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2021-46708 1 Smartbear 1 Swagger-ui-dist 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVE-2021-44683 1 Duckduckgo 1 Duckduckgo 2024-11-21 5.8 MEDIUM 8.2 HIGH
The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site.
CVE-2021-43546 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43048 1 Tibco 1 Partnerexpress 2024-11-21 10.0 HIGH 9.8 CRITICAL
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
CVE-2021-41657 1 Smartbear 1 Collaborator 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.
CVE-2021-40834 1 F-secure 1 Safe 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A user interface overlay vulnerability was discovered in F-Secure SAFE Browser for Android. When a user clicks on a specially crafted, seemingly legitimate URL, SAFE Browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform a spoofing attack.
CVE-2021-3799 1 Getgrav 1 Grav-plugin-admin 2024-11-21 5.8 MEDIUM 5.4 MEDIUM
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames
CVE-2021-3734 1 Yourls 1 Yourls 2024-11-21 6.8 MEDIUM 8.8 HIGH
yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames
CVE-2021-3731 2 Debian, Ledgersmb 2 Debian Linux, Ledgersmb 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user into executing unintended actions.
CVE-2021-3660 2 Cockpit-project, Redhat 2 Cockpit, Enterprise Linux 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Cockpit (and its plugins) do not seem to protect themselves against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.