Total: 245 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-0014 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-128674520 | |||||
CVE-2013-2675 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information. | |||||
CVE-2015-5686 | 1 Puppet | 1 Puppet Enterprise | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session. | |||||
CVE-2019-15930 | 1 Intesync | 1 Solismed | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Intesync Solismed 3.3sp allows Clickjacking. | |||||
CVE-2019-17131 | 1 Vbulletin | 1 Vbulletin | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
vBulletin before 5.5.4 allows clickjacking. | |||||
CVE-2020-2105 | 1 Jenkins | 1 Jenkins | 2023-12-10 | 4.3 MEDIUM | 5.4 MEDIUM |
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. | |||||
CVE-2013-6772 | 1 Splunk | 1 Splunk | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Splunk before 5.0.4 lacks X-Frame-Options, which can allow clickjacking. | |||||
CVE-2019-4548 | 1 Ibm | 1 Security Directory Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950. | |||||
CVE-2019-3639 | 1 Mcafee | 1 Web Gateway | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
Clickjack vulnerability in Administrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe, because the console does not send an X-Frame-Options HTTP header. | |||||
CVE-2019-16175 | 1 Limesurvey | 1 Limesurvey | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
A clickjacking vulnerability was found in Limesurvey before 3.17.14. | |||||
CVE-2019-4086 | 1 Ibm | 1 Application Performance Management | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. | |||||
CVE-2019-12880 | 1 Bcnquark | 1 Quarking Password Manager | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm. | |||||
CVE-2019-1975 | 1 Cisco | 10 Hyperflex Hx220c Af M5, Hyperflex Hx220c Af M5 Firmware, Hyperflex Hx220c Edge M5 and 7 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other client-side browser attacks. | |||||
CVE-2018-1853 | 6 Apple, Hp, Ibm and 3 more | 7 Macos, Hp-ux, Aix and 4 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014. | |||||
CVE-2019-4217 | 1 Ibm | 1 Security Information Queue | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226. | |||||
CVE-2019-2125 | 1 Google | 1 Android | 2023-12-10 | 4.4 MEDIUM | 7.3 HIGH |
In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132275252. | |||||
CVE-2019-4058 | 1 Ibm | 1 Bigfix Platform | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570. | |||||
CVE-2019-3794 | 1 Pivotal Software | 1 Cloud Foundry Uaa | 2023-12-10 | 4.3 MEDIUM | 5.4 MEDIUM |
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites. | |||||
CVE-2019-4285 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513. | |||||
CVE-2019-5243 | 1 Huawei | 2 Hg255s, Hg255s Firmware | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
There is a clickjacking vulnerability in the Huawei HG255s product. An attacker may trick a user into clicking a link and affect the integrity of a device by exploiting this vulnerability. |