CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

388 vulnerabilities with CWE-1021
CVE             Severity  CVSS  Title
CVE-2021-1006   MEDIUM    4.4   Android 12 - Bluetooth MAC Address Disclosure via DatabaseManager.java Log Information
CVE-2021-0992   LOW       3.3   Android 12 - Unauthenticated Local Privilege Escalation via Tapjack Overlay in PaymentDefaultDialog
CVE-2021-0963   HIGH      7.1   Android - Local Privilege Escalation via Tapjacking Overlay Attack
CVE-2021-0954   HIGH      7.3   Android - Tapjacking/Overlay Attack in ResolverActivity
CVE-2021-39054  MEDIUM    5.4   IBM Spectrum Copy Data Management < 2.2.13 - CSRF
CVE-2021-40834  MEDIUM    4.3   F-Secure SAFE Browser - Info Disclosure
CVE-2021-43546  MEDIUM    4.3   Thunderbird < 91.4.0, Firefox < 95 - Info Disclosure
CVE-2021-38509  MEDIUM    4.3   Firefox < 94, Thunderbird < 91.3, Firefox ESR < 91.3 - XSS
CVE-2021-38508  MEDIUM    4.3   Firefox < 94, Thunderbird < 91.3, Firefox ESR < 91.3 - CSRF
CVE-2021-38506  MEDIUM    4.3   Firefox < 94.0 - UI Spoofing via Fullscreen Mode Navigation
CVE-2021-43048  CRITICAL  9.8   TIBCO PartnerExpress < 6.2.1 - Unauthenticated Clickjacking in Interior and Gateway Server Components
CVE-2021-35237  MEDIUM    5.0   Kiwi Syslog Server < 9.7.2 - Clickjacking via Missing X-Frame-Options Header
CVE-2021-38472  MEDIUM    4.7   InHand Networks IR615 Router 2.3.0.r4724 and 2.3.0.r4870 - Clickjacking via Missing X-FRAME-OPTIONS Header
CVE-2021-27003  MEDIUM    4.7   Clustered Data ONTAP < 9.5P18, 9.6P15, 9.7P14, 9.8P5, 9.9.1 - XSS
CVE-2021-0583   HIGH      7.3   Android 9, Android 10 - Privilege Escalation
CVE-2021-37971  MEDIUM    4.3   Google Chrome < 94.0.4606.54 - Security UI Spoofing via Omnibox Manipulation
CVE-2021-0598   HIGH      7.3   Android - Tapjacking/Overlay Attack in ConfirmConnectActivity
CVE-2021-3799   MEDIUM    5.4   Grav Admin Plugin < 1.10.20 - Clickjacking via Unrestricted UI Layer Rendering
CVE-2021-3734   HIGH      8.8   YOURLS < 1.8.1 - Cross-Site Request Forgery via Clickjacking
CVE-2021-3731   MEDIUM    5.9   LedgerSMB 1.1.0-1.1.11 - Clickjacking via Insufficient UI Layer Protection
CVE-2021-32070  MEDIUM    5.4   Mitel MiCollab < 9.3 - Clickjacking via Insecure Header Response
CVE-2021-37788  MEDIUM    5.4   Gurock TestRail 5.3.0.3603 - Unauthenticated Clickjacking via iFrame Input Validation Bypass
CVE-2021-33596  LOW       3.5   F-Secure Safe Browser for iOS - Open Redirect
CVE-2021-20560  MEDIUM    5.4   IBM Sterling Connect:Direct Browser User Interface < 1.5.0.2 - CSRF
CVE-2021-0603   HIGH      7.8   Android 11 - Tapjacking/Overlay Attack in ContactSelectionActivity