Total: 242 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20852 | 1 Cisco | 1 Webex Meetings | 2023-12-10 | N/A | 6.5 MEDIUM |
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2022-42799 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2023-12-10 | N/A | 6.1 MEDIUM |
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. | |||||
CVE-2022-33723 | 1 Google | 1 Android | 2023-12-10 | N/A | 6.1 MEDIUM |
Vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack. | |||||
CVE-2022-34162 | 1 Ibm | 1 Cics Tx | 2023-12-10 | N/A | 6.1 MEDIUM |
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332. | |||||
CVE-2022-20212 | 1 Google | 1 Android | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-182282630. | |||||
CVE-2022-28889 | 1 Apache | 1 Druid | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header. | |||||
CVE-2022-33727 | 1 Google | 1 Android | 2023-12-10 | N/A | 6.1 MEDIUM |
Vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack. | |||||
CVE-2022-36182 | 1 Hashicorp | 1 Boundary | 2023-12-10 | N/A | 6.1 MEDIUM |
HashiCorp Boundary v0.8.0 is vulnerable to clickjacking, which allows for the interception of login credentials, redirection of users to malicious sites, or causing users to perform malicious actions on the site. | |||||
CVE-2022-2800 | 1 Gym Management System Project | 1 Gym Management System | 2023-12-10 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality. The manipulation leads to clickjacking. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206246 is the identifier assigned to this vulnerability. | |||||
CVE-2022-2965 | 1 Notrinos | 1 Notrinoserp | 2023-12-10 | N/A | 4.3 MEDIUM |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7. | |||||
CVE-2022-1138 | 1 Google | 1 Chrome | 2023-12-10 | N/A | 6.5 MEDIUM |
Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-2179 | 1 Rockwellautomation | 4 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 1 more | 2023-12-10 | N/A | 6.5 MEDIUM |
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks. | |||||
CVE-2022-2734 | 1 Open-emr | 1 Openemr | 2023-12-10 | N/A | 5.4 MEDIUM |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
CVE-2022-3167 | 1 Ikus-soft | 1 Rdiffweb | 2023-12-10 | N/A | 8.8 HIGH |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1. | |||||
CVE-2022-20226 | 1 Google | 1 Android | 2023-12-10 | 3.3 LOW | 3.9 LOW |
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-213644870. | |||||
CVE-2022-22503 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation As A Service | 2023-12-10 | N/A | 6.1 MEDIUM |
IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125. | |||||
CVE-2021-39038 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968. | |||||
CVE-2021-27773 | 1 Hcltech | 1 Sametime | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
This vulnerability allows users to execute a clickjacking attack in the meeting's chat. | |||||
CVE-2022-28649 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
In JetBrains YouTrack before 2022.1.43563, it was possible to include an iframe from a third-party domain in the issue description. | |||||
CVE-2022-1803 | 1 Trudesk Project | 1 Trudesk | 2023-12-10 | 4.9 MEDIUM | 6.9 MEDIUM |
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. |