CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

390 vulnerabilities with CWE-1021
CVE-2019-8771 MEDIUM
Safari < 13.0.1 - Iframe Sandbox Policy Bypass
CVSS 6.1
CVE-2019-4323 MEDIUM
HCL AppScan < 10.0.0 - Clickjacking via API Documentation
CVSS 4.3
CVE-2019-19001 MEDIUM
Hitachi Energy eSOMS 4.0-6.0.2 - Clickjacking via Missing X-Frame-Options Header
CVSS 6.5
CVE-2019-13924 MEDIUM
SCALANCE X-200 and X-300 Firmware - Clickjacking via Missing X-Frame-Options Header
CVSS 5.4
CVE-2019-4548 MEDIUM
IBM Security Directory Server 6.4.0 - CSRF
CVSS 6.1
CVE-2019-4742 MEDIUM
IBM Financial Transaction Manager 3.0 - CSRF
CVSS 6.1
CVE-2019-15930 MEDIUM
Intesync Solismed 3.3sp - Clickjacking
CVSS 4.3
CVE-2019-5861 MEDIUM
Google Chrome < 76.0.3809.87 - Anti-Clickjacking Policy Bypass via Crafted HTML Page
CVSS 4.3
CVE-2019-4215 MEDIUM
IBM SmartCloud Analytics <1.3.5 - CSRF
CVSS 6.1
CVE-2019-17131 MEDIUM
vBulletin < 5.5.4 - Clickjacking
CVSS 4.3
CVE-2019-4109 MEDIUM
IBM WebSphere eXtreme Scale 8.6 - CSRF
CVSS 6.1
CVE-2019-1975 MEDIUM
Cisco HyperFlex HX220c AF M5 < 3.5.2f - Cross-Frame Scripting via iframe
CVSS 6.1
CVE-2019-4086 MEDIUM
IBM Cloud Application Performance Management 8.1.4 - CSRF
CVSS 6.1
CVE-2019-16371 HIGH
LastPass < 4.33.0 - Credential Capture via Clickjacking Bypass
CVSS 8.2
CVE-2019-16175 MEDIUM
LimeSurvey < 3.17.14 - Clickjacking
CVSS 4.3
CVE-2019-2125 HIGH
Android 7.0-9 - Privilege Escalation via Overlay Attack in ChangeDefaultDialerDialog
CVSS 7.3
CVE-2019-3639 HIGH
McAfee Web Gateway 7.8.2.0-7.8.2.11 - Clickjacking via Missing X-Frame-Options Header
CVSS 7.1
CVE-2019-4285 MEDIUM
IBM WebSphere Application Server - Liberty Admin Center - CSRF
CVSS 5.4
CVE-2019-3794 MEDIUM
Cloud Foundry UAA < 73.4.0 - Clickjacking via Missing X-Frame-Options Header
CVSS 5.4
CVE-2019-9147 MEDIUM
Mailvelope < 3.1.0 - Clickjacking via Settings Page Bypass
CVSS 4.3
CVE-2019-12880 MEDIUM
BCN Quark Quarking Password Manager <3.1.84 - CSRF
CVSS 4.3
CVE-2019-0305 MEDIUM
SAP NetWeaver Process Integration <7.40 - XSS
CVSS 4.3
CVE-2019-5243 MEDIUM
Huawei HG255s Firmware - Clickjacking via Unrestricted UI Layer Rendering
CVSS 4.3
CVE-2019-4217 MEDIUM
IBM Security Information Queue <1.0.3 - CSRF
CVSS 6.1
CVE-2019-7393 MEDIUM
CA Technologies CA Strong Authentication <9.0 - Info Disclosure
CVSS 4.3