Vulnerabilities (CVE)

Filtered by CWE-1021
Total 242 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-20852 1 Cisco 1 Webex Meetings 2023-12-10 N/A 6.5 MEDIUM
Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-42799 3 Apple, Debian, Fedoraproject 8 Ipados, Iphone Os, Macos and 5 more 2023-12-10 N/A 6.1 MEDIUM
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.
CVE-2022-33723 1 Google 1 Android 2023-12-10 N/A 6.1 MEDIUM
Vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack.
CVE-2022-34162 1 Ibm 1 Cics Tx 2023-12-10 N/A 6.1 MEDIUM
IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332.
CVE-2022-20212 1 Google 1 Android 2023-12-10 4.4 MEDIUM 7.8 HIGH
In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-182282630.
CVE-2022-28889 1 Apache 1 Druid 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
CVE-2022-33727 1 Google 1 Android 2023-12-10 N/A 6.1 MEDIUM
Vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack.
CVE-2022-36182 1 Hashicorp 1 Boundary 2023-12-10 N/A 6.1 MEDIUM
Hashicorp Boundary v0.8.0 is vulnerable to clickjacking, which allows for the interception of login credentials, redirection of users to malicious sites, or causing users to perform malicious actions on the site.
CVE-2022-2800 1 Gym Management System Project 1 Gym Management System 2023-12-10 N/A 6.1 MEDIUM
A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality. The manipulation leads to clickjacking. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206246 is the identifier assigned to this vulnerability.
CVE-2022-2965 1 Notrinos 1 Notrinoserp 2023-12-10 N/A 4.3 MEDIUM
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.
CVE-2022-1138 1 Google 1 Chrome 2023-12-10 N/A 6.5 MEDIUM
Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-2179 1 Rockwellautomation 4 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 1 more 2023-12-10 N/A 6.5 MEDIUM
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
CVE-2022-2734 1 Open-emr 1 Openemr 2023-12-10 N/A 5.4 MEDIUM
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-3167 1 Ikus-soft 1 Rdiffweb 2023-12-10 N/A 8.8 HIGH
Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1.
CVE-2022-20226 1 Google 1 Android 2023-12-10 3.3 LOW 3.9 LOW
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-213644870.
CVE-2022-22503 1 Ibm 2 Robotic Process Automation, Robotic Process Automation As A Service 2023-12-10 N/A 6.1 MEDIUM
IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125.
CVE-2021-39038 1 Ibm 1 Websphere Application Server 2023-12-10 3.5 LOW 5.4 MEDIUM
IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968.
CVE-2021-27773 1 Hcltech 1 Sametime 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
This vulnerability allows users to execute a clickjacking attack in the meeting's chat.
CVE-2022-28649 1 Jetbrains 1 Youtrack 2023-12-10 3.5 LOW 5.4 MEDIUM
In JetBrains YouTrack before 2022.1.43563, it was possible to include an iframe from a third-party domain in the issue description.
CVE-2022-1803 1 Trudesk Project 1 Trudesk 2023-12-10 4.9 MEDIUM 6.9 MEDIUM
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.