CWE-1021 · Improper Restriction of Rendered UI Layers or Frames (Clickjacking)

392 CVEs classified under CWE-1021 (Improper Restriction of Rendered UI Layers or Frames (Clickjacking)). Browse by severity and year.

Top CVEs for CWE-1021
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-43048 | Critical | 9.8 | 2021-11-16 | The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenti… |
| CVE-2021-23274 | Critical | 9.8 | 2021-03-23 | The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vuln… |
| CVE-2016-2496 | Critical | 9.8 | 2016-06-13 | The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-… |
| CVE-2021-21132 | Critical | 9.6 | 2021-02-09 | Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted… |
| CVE-2021-21111 | Critical | 9.6 | 2021-01-08 | Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to p… |
| CVE-2024-10004 | Critical | 9.1 | 2024-10-15 | Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon sho… |
| CVE-2023-41897 | High | 8.8 | 2023-10-19 | Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which spe… |
| CVE-2022-3167 | High | 8.8 | 2022-09-08 | Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. |
| CVE-2021-3734 | High | 8.8 | 2021-08-26 | yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames |
| CVE-2021-22866 | High | 8.8 | 2021-05-14 | A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authoriz… |
| CVE-2015-5686 | High | 8.8 | 2020-02-27 | Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an atta… |
| CVE-2018-18496 | High | 8.8 | 2019-02-28 | When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confus… |
| CVE-2026-0007 | High | 8.6 | 2026-03-02 | In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to… |
| CVE-2021-44683 | High | 8.2 | 2022-03-25 | The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser wi… |
| CVE-2019-16371 | High | 8.2 | 2019-09-16 | LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited we… |
| CVE-2024-11700 | High | 8.1 | 2024-11-26 | Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of… |
| CVE-2024-7523 | High | 8.1 | 2024-08-06 | A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only a… |
| CVE-2024-33377 | High | 8.1 | 2024-06-14 | LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arb… |
| CVE-2021-23976 | High | 8.1 | 2021-02-26 | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp mani… |
| CVE-2020-13119 | High | 8.1 | 2020-09-24 | ismartgate PRO 1.5.9 is vulnerable to clickjacking. |