CWE-1021
Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.
388 vulnerabilities with CWE-1021
CVE-2020-4727
MEDIUM
IBM InfoSphere Information Server 11.7 - CSRF
CVSS 6.1
CVE-2020-13119
HIGH
iSmartGate PRO Firmware 1.5.9 - Clickjacking
CVSS 8.1
CVE-2020-6547
MEDIUM
Google Chrome <84.0.4147.125 - Info Disclosure
CVSS 6.5
CVE-2020-0366
HIGH
Android 11 - Permissions Bypass via Tapjacking in PackageInstaller
CVSS 7.8
CVE-2020-0387
HIGH
Android - Missing Authorization Leading to Tapjacking and Privilege Escalation
CVSS 7.8
CVE-2020-0394
HIGH
Android - Tapjacking via BluetoothPairingDialog Insecure Default
CVSS 7.8
CVE-2020-0386
MEDIUM
Android - Local Privilege Escalation via Tapjacking in RequestPermissionActivity
CVSS 5.5
CVE-2020-7705
HIGH
MIntegralAdSDK <0.0.0 - Code Injection
CVSS 7.1
CVE-2020-4165
MEDIUM
IBM Security Guardium Insights 2.0.1 - CSRF
CVSS 5.4
CVE-2020-13174
MEDIUM
Teradici Management Console <20.04-20.01.1 - CSRF
CVSS 6.1
CVE-2020-15648
MEDIUM
Firefox < 78.0.2 and Thunderbird < 78 - UI Layer Bypass via Object or Embed Tags
CVSS 6.5
CVE-2020-4644
MEDIUM
IBM Planning Analytics Local <2.0.9.1 - CSRF
CVSS 5.4
CVE-2020-4322
MEDIUM
IBM Security Secret Server 10.7 - CSRF
CVSS 4.3
CVE-2020-4406
MEDIUM
IBM Spectrum Protect Client <8.1.9.1 - CSRF
CVSS 5.4
CVE-2020-4195
MEDIUM
IBM API Connect V2018.4.1.0-2018.4.1.10 - CSRF
CVSS 5.4
CVE-2020-6827
MEDIUM
Firefox for Android - Info Disclosure
CVSS 4.7
CVE-2020-9444
MEDIUM
Zulip Server <2.1.3 - Info Disclosure
CVSS 6.1
CVE-2020-10951
MEDIUM
Western Digital My Cloud Home & ibi <2.2.0 - CSRF
CVSS 4.7
CVE-2020-1728
MEDIUM
Keycloak < 10.0.0 - Missing HTTP Security Headers in Admin Console
CVSS 4.8
CVE-2020-0051
HIGH
Android 10 - Tapjacking Attack in SettingsHomepageActivity
CVSS 7.8
CVE-2020-9517
MEDIUM
Micro Focus Service Manager Release Control <9.51 - XSS
CVSS 5.4
CVE-2020-0014
MEDIUM
Android 8.0-10 - Unauthenticated Privilege Escalation via TYPE_TOAST Window Injection
CVSS 5.5
CVE-2020-2105
MEDIUM
Jenkins < 2.204.1 and < 2.218 - Clickjacking via REST API Endpoints
CVSS 5.4
CVE-2019-8771
MEDIUM
Safari < 13.0.1 - Iframe Sandbox Policy Bypass
CVSS 6.1
CVE-2019-4323
MEDIUM
HCL AppScan < 10.0.0 - Clickjacking via API Documentation
CVSS 4.3