CWE-1021
Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.
388 vulnerabilities with CWE-1021
CVE-2021-21444
MEDIUM
SAP Business Objects BI Platform - XSS
CVSS 6.1
CVE-2021-21139
MEDIUM
Chrome < 88.0.4324.96 - Navigation Restriction Bypass via iframe Sandbox
CVSS 6.5
CVE-2021-21132
CRITICAL
Google Chrome < 88.0.4324.96 - Sandbox Escape via Crafted Chrome Extension
CVSS 9.6
CVE-2021-0315
HIGH
Android 8.0-11 - Tapjacking/Overlay Attack via GrantCredentialsPermissionActivity
CVSS 7.3
CVE-2021-21111
CRITICAL
Google Chrome <87.0.4280.141 - Privilege Escalation
CVSS 9.6
CVE-2020-10743
MEDIUM
OpenShift Container Platform - CSRF
CVSS 4.3
CVE-2020-4547
MEDIUM
IBM Jazz Foundation - Clickjacking via Malicious Web Site
CVSS 5.4
CVE-2020-27059
HIGH
Android 8.0-11 - Tapjacking via Fingerprint Authentication Overlay
CVSS 7.8
CVE-2020-5020
MEDIUM
IBM Spectrum Protect Plus <10.1.6 - CSRF
CVSS 6.1
CVE-2020-16033
MEDIUM
Google Chrome < 87.0.4280.66 - Security UI Spoofing via WebUSB
CVSS 4.3
CVE-2020-16032
MEDIUM
Google Chrome < 87.0.4280.66 - URL Spoofing via Omnibox Manipulation
CVSS 4.3
CVE-2020-16031
MEDIUM
Google Chrome < 87.0.4280.66 - URL Spoofing via Omnibox Manipulation
CVSS 4.3
CVE-2020-35735
MEDIUM
Vidyo - Clickjacking via Portal URI
CVSS 4.7
CVE-2020-28218
MEDIUM
Easergy T300 Firmware < 2.7 - Clickjacking
CVSS 6.5
CVE-2020-26962
MEDIUM
Firefox < 83.0 - Cross-Origin Iframe Login Form Autofill Spoofing
CVSS 6.1
CVE-2020-26953
MEDIUM
Firefox < 83 and Thunderbird < 78.5 - Info Disclosure
CVSS 4.3
CVE-2020-9993
MEDIUM
Safari < 14.0 - Address Bar Spoofing via Malicious Website
CVSS 4.3
CVE-2020-9987
MEDIUM
Safari < 14.0 - Address Bar Spoofing via Inconsistent UI State
CVSS 4.3
CVE-2020-9945
MEDIUM
macOS Big Sur <11.0.1 and Safari <14.0.1 - Address Bar Spoofing
CVSS 4.3
CVE-2020-9942
MEDIUM
Safari < 13.1.2 and macOS < 11.0.1 - Address Bar Spoofing via UI State Management
CVSS 4.3
CVE-2020-5679
MEDIUM
EC-CUBE 3.0.0-3.0.18 - Clickjacking via UI Layer Restriction Bypass
CVSS 6.1
CVE-2020-4785
MEDIUM
IBM App Connect Enterprise Certified Container <1.0.5 - CSRF
CVSS 5.4
CVE-2020-24711
MEDIUM
gophish < 0.11.0 - Denial of Service via Clickjacking on Account Settings Reset Button
CVSS 6.5
CVE-2020-7371
MEDIUM
Yandex Browser <3.3.9 - Info Disclosure
CVSS 4.3
CVE-2020-15793
MEDIUM
Desigo Insight - Clickjacking via Missing X-Frame-Options Header
CVSS 5.4