Total
243 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4547 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315. | |||||
CVE-2021-0302 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-155287782 | |||||
CVE-2020-7371 | 1 Raiseitsolutions | 1 Rits Browser | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the RITS Browser version 3.3.9 and prior versions. | |||||
CVE-2020-24711 | 1 Getgophish | 1 Gophish | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack | |||||
CVE-2020-26953 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
CVE-2021-23955 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. | |||||
CVE-2019-8771 | 1 Apple | 2 Iphone Os, Safari | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. | |||||
CVE-2021-0315 | 1 Google | 1 Android | 2023-12-10 | 4.4 MEDIUM | 7.3 HIGH |
In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-169763814. | |||||
CVE-2021-0331 | 1 Google | 1 Android | 2023-12-10 | 6.9 MEDIUM | 7.3 HIGH |
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-170731783 | |||||
CVE-2020-9945 | 1 Apple | 2 Mac Os X, Safari | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing. | |||||
CVE-2021-21132 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
CVE-2020-9987 | 1 Apple | 1 Safari | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing. | |||||
CVE-2020-16032 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2020-4785 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 189219. | |||||
CVE-2020-5679 | 1 Ec-cube | 1 Ec-cube | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted. | |||||
CVE-2020-13119 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
ismartgate PRO 1.5.9 is vulnerable to clickjacking. | |||||
CVE-2020-15793 | 1 Siemens | 1 Desigo Insight | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker. | |||||
CVE-2021-21111 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
CVE-2020-9444 | 1 Zulip | 1 Zulip Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality. | |||||
CVE-2019-19001 | 1 Hitachienergy | 1 Esoms | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. |