Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37455 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 5.4 MEDIUM |
| The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115. | |||||
| CVE-2023-36920 | 1 Sap | 4 Enable Now Enable Now Consump Del, Enable Now Wpb Manager, Enable Now Wpb Manager Ce and 1 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information. | |||||
| CVE-2023-30961 | 1 Palantir | 2 Gotham-fe-bundle, Titanium-browser-app-bundle | 2024-11-21 | N/A | 6.5 MEDIUM |
| Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link. | |||||
| CVE-2023-2265 | 1 Selinc | 2 Sel-411l, Sel-411l Firmware | 2024-11-21 | N/A | 4.3 MEDIUM |
| An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details. | |||||
| CVE-2023-23343 | 1 Hcltech | 1 Bigfix Osd Bare Metal Server | 2024-11-21 | N/A | 2.4 LOW |
| A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain. | |||||
| CVE-2023-23126 | 1 Connectwise | 1 Automate | 2024-11-21 | N/A | 6.1 MEDIUM |
| Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack. | |||||
| CVE-2023-1362 | 1 Bumsys Project | 1 Bumsys | 2024-11-21 | N/A | 6.1 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2. | |||||
| CVE-2023-0780 | 1 Agentejo | 1 Cockpit | 2024-11-21 | N/A | 5.4 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. | |||||
| CVE-2023-0654 | 1 Cloudflare | 1 Warp | 2024-11-21 | N/A | 3.9 LOW |
| Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app. | |||||
| CVE-2023-0057 | 2 Pyload, Pyload-ng Project | 2 Pyload, Pyload-ng | 2024-11-21 | N/A | 6.1 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33. | |||||
| CVE-2022-45096 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 5.4 MEDIUM |
| Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. | |||||
| CVE-2022-43378 | 1 Schneider-electric | 10 Netbotz 355, Netbotz 355 Firmware, Netbotz 450 and 7 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) | |||||
| CVE-2022-42799 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. | |||||
| CVE-2022-40268 | 1 Mitsubishielectric | 5 Gt25, Gt25 Firmware, Gt27 and 2 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking. | |||||
| CVE-2022-3167 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. | |||||
| CVE-2022-36736 | 1 Jitsi | 1 Jitsi | 2024-11-21 | N/A | 6.1 MEDIUM |
| Jitsi-2.10.5550 was discovered to contain a vulnerability in its web UI which allows attackers to perform a clickjacking attack via a crafted HTTP request. NOTE: this is disputed by the vendor | |||||
| CVE-2022-36182 | 1 Hashicorp | 1 Boundary | 2024-11-21 | N/A | 6.1 MEDIUM |
| Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site. | |||||
| CVE-2022-34318 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 5.4 MEDIUM |
| IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229461. | |||||
| CVE-2022-34162 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 6.1 MEDIUM |
| IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332. | |||||
| CVE-2022-33727 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.8 MEDIUM |
| A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. | |||||