CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

388 vulnerabilities with CWE-1021
CVE-2021-0586 HIGH
Android - Tapjacking/Overlay Attack via DevicePickerFragment
CVSS 7.8
CVE-2021-35300 MEDIUM
Zammad 1.0.0-4.0.0 - Text Injection and Content Spoofing in 404 Page
CVSS 4.3
CVE-2021-0538 HIGH
Android - Local Privilege Escalation via Tapjacking Overlay Attack
CVSS 7.3
CVE-2021-0537 HIGH
Android - Tapjacking/Overlay Attack via WiFiInstaller onCreate
CVSS 7.3
CVE-2021-0569 MEDIUM
Android - Local Information Disclosure via Tapjacking Overlay Attack
CVSS 5.0
CVE-2021-0523 HIGH
Android - Local Privilege Escalation via Tapjacking in WifiScanModeActivity
CVSS 7.3
CVE-2021-0506 HIGH
Android - Tapjacking/Overlay Attack via ActivityPicker Intent Resolution
CVSS 7.3
CVE-2021-0487 HIGH
Android - Local Privilege Escalation
CVSS 7.8
CVE-2021-27467 MEDIUM
Emerson Rosemount X-STREAM - Open Redirect
CVSS 6.1
CVE-2021-22866 HIGH
GitHub Enterprise Server - Privilege Escalation
CVSS 8.8
CVE-2021-0446 HIGH
Android 11 - Tapjacking/Overlay Attack in ImportVCardActivity
CVSS 7.3
CVE-2021-0438 HIGH
Android - Tapjacking Attack via Incorrect FLAG_OBSCURED Value
CVSS 7.8
CVE-2021-0433 HIGH
Android - Tapjacking/Overlay Attack via Bluetooth Device Pairing Dialog
CVSS 8.0
CVE-2021-1403 HIGH
Cisco IOS XE - Unauthenticated Cross-Site WebSocket Hijacking and Denial of Service via Crafted Link
CVSS 7.4
CVE-2021-23274 CRITICAL
TIBCO API Exchange Gateway < - SSRF
CVSS 9.8
CVE-2021-0386 HIGH
Android 11 - Tapjacking via UsbConfirmActivity
CVSS 7.8
CVE-2021-0391 HIGH
Android - Unauthenticated Account Existence Disclosure via Tapjacking Overlay Attack
CVSS 7.8
CVE-2021-23955 MEDIUM
Firefox < 85.0 - Clickjacking via Pointer Lock State Transfer
CVSS 6.1
CVE-2021-23976 HIGH
Firefox < 86.0 - UI Spoofing and Cross-Origin Attacks via Malicious Intent Manifest
CVSS 8.1
CVE-2021-27375 MEDIUM
Traefik < 2.4.5 - Cross-Origin IFRAME Loading
CVSS 5.3
CVE-2021-0333 HIGH
Android - Tapjacking Permissions Bypass via Bluetooth Permission Dialog Overlay
CVSS 7.3
CVE-2021-0331 HIGH
Android 8.1-11 - Local Privilege Escalation via Notification Access Overlay Attack
CVSS 7.3
CVE-2021-0314 HIGH
Android - Unauthenticated Tapjacking/Overlay Attack via UninstallerActivity
CVSS 7.3
CVE-2021-0305 HIGH
Android 8.1-10 - Tapjacking via Insecure PackageInstaller Default
CVSS 7.8
CVE-2021-0302 HIGH
Android - Tapjacking Attack via Insecure Default Value in PackageInstaller
CVSS 7.8