Total: 245 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9444 | 1 Zulip | 1 Zulip Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality. | |||||
CVE-2019-19001 | 1 Hitachienergy | 1 Esoms | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. | |||||
CVE-2020-13174 | 1 Teradici | 1 Pcoip Management Console | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The web server in the Teradici Management console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking. | |||||
CVE-2020-7705 | 1 Mintegral | 1 Mintegraladsdk | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
This affects the package MintegralAdSDK from 0.0.0. The SDK distributed by the company contains malicious functionality that tracks any URL opened by the app and reports it back to the company, along with performing advertisement attribution fraud. Mintegral can remotely activate hooks on the UIApplication, openURL, SKStoreProductViewController, loadProductWithParameters and NSURLProtocol methods along with anti-debug and proxy detection protection. If those hooks are active MintegralAdSDK sends obfuscated data about every opened URL in an application to their servers. Note that the malicious functionality is enabled even if the SDK was not enabled to serve ads. | |||||
CVE-2020-1728 | 2 Quarkus, Redhat | 2 Quarkus, Keycloak | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors. | |||||
CVE-2019-4323 | 1 Hcltech | 1 Appscan | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." | |||||
CVE-2020-4406 | 3 Ibm, Linux, Microsoft | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488. | |||||
CVE-2020-15648 | 1 Mozilla | 2 Firefox, Thunderbird | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. | |||||
CVE-2020-4322 | 1 Ibm | 1 Security Secret Server | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511. | |||||
CVE-2020-10951 | 1 Westerndigital | 2 Ibi, My Cloud Home | 2023-12-10 | 4.3 MEDIUM | 4.7 MEDIUM |
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. | |||||
CVE-2020-6827 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2023-12-10 | 4.3 MEDIUM | 4.7 MEDIUM |
When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 68.7. | |||||
CVE-2020-4195 | 1 Ibm | 1 Api Connect | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859. | |||||
CVE-2020-4165 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174401. | |||||
CVE-2016-5710 | 1 Netapp | 1 Snap Creator Framework | 2023-12-10 | 3.5 LOW | 4.6 MEDIUM |
NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | |||||
CVE-2013-2682 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information. | |||||
CVE-2019-5861 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page. | |||||
CVE-2019-4109 | 1 Ibm | 1 Websphere Extreme Scale | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102. | |||||
CVE-2020-9517 | 1 Microfocus | 1 Service Manager | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks. | |||||
CVE-2019-4742 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 172877. | |||||
CVE-2013-5594 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding |