CWE-1021 · Improper Restriction of Rendered UI Layers or Frames (Clickjacking)
392 CVEs classified under CWE-1021 (Improper Restriction of Rendered UI Layers or Frames (Clickjacking)).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-43048 | Critical | 9.8 | 2021-11-16 | The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenti… |
| CVE-2021-23274 | Critical | 9.8 | 2021-03-23 | The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vuln… |
| CVE-2016-2496 | Critical | 9.8 | 2016-06-13 | The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-… |
| CVE-2021-21132 | Critical | 9.6 | 2021-02-09 | Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted… |
| CVE-2021-21111 | Critical | 9.6 | 2021-01-08 | Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to p… |
| CVE-2024-10004 | Critical | 9.1 | 2024-10-15 | Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon sho… |
| CVE-2023-41897 | High | 8.8 | 2023-10-19 | Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which spe… |
| CVE-2022-3167 | High | 8.8 | 2022-09-08 | Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. |
| CVE-2021-3734 | High | 8.8 | 2021-08-26 | yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames |
| CVE-2021-22866 | High | 8.8 | 2021-05-14 | A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authoriz… |
| CVE-2015-5686 | High | 8.8 | 2020-02-27 | Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an atta… |
| CVE-2018-18496 | High | 8.8 | 2019-02-28 | When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confus… |
| CVE-2026-0007 | High | 8.6 | 2026-03-02 | In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to… |
| CVE-2021-44683 | High | 8.2 | 2022-03-25 | The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser wi… |
| CVE-2019-16371 | High | 8.2 | 2019-09-16 | LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited we… |
| CVE-2024-11700 | High | 8.1 | 2024-11-26 | Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of… |
| CVE-2024-7523 | High | 8.1 | 2024-08-06 | A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only a… |
| CVE-2024-33377 | High | 8.1 | 2024-06-14 | LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arb… |
| CVE-2021-23976 | High | 8.1 | 2021-02-26 | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp mani… |
| CVE-2020-13119 | High | 8.1 | 2020-09-24 | ismartgate PRO 1.5.9 is vulnerable to clickjacking. |