CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

390 vulnerabilities with CWE-1021
CVE-2019-4058 (MEDIUM, CVSS 6.5): IBM BigFix <9.2,9.5 - Info Disclosure
CVE-2019-5767 (MEDIUM, CVSS 6.5): Google Chrome <72.0.3626.81 - Info Disclosure
CVE-2018-19957 (MEDIUM, CVSS 6.1): QNAP QTS < 4.5.4.1715, QuTS hero < h4.5.4.1771, QuTScloud < c4.5.6.1755 - Clickjacking
CVE-2018-1853 (MEDIUM, CVSS 6.1): IBM Spectrum Protect Backup-Archive Client 7.1.0.0-7.1.8.4 - Clickjacking
CVE-2018-18496 (HIGH, CVSS 8.8): Firefox < 64.0 - Clickjacking via RSS Feed Preview Frame
CVE-2018-16172 (MEDIUM, CVSS 6.5): Cybozu Remote Service <3.1.8 - CSRF
CVE-2018-6178 (MEDIUM, CVSS 4.3): Google Chrome < 68.0.3440.75 - Security UI Spoofing via DevTools Infobar
CVE-2018-17192 (MEDIUM, CVSS 6.5): Apache NiFi <1.8.0 - Info Disclosure
CVE-2018-1803 (MEDIUM, CVSS 6.1): IBM Security Access Manager Appliance <9.0.5.0 - CSRF
CVE-2018-9524 (HIGH, CVSS 7.8): Android 7.0-8.1 - Unauthenticated Local Privilege Escalation via Overlay Window
CVE-2018-9458 (HIGH, CVSS 7.8): Android <8.1 - Privilege Escalation
CVE-2018-6909 (MEDIUM, CVSS 6.5): Green Electronics RainMachine Mini-8 (2nd Gen) & Touch HD 12 - XSS
CVE-2018-15423 (MEDIUM, CVSS 4.7): Cisco HyperFlex HX Data Platform - Unauthenticated Clickjacking via Malicious iFrame Data
CVE-2018-12576 (MEDIUM, CVSS 4.3): TP-Link TL-WR841N <v13 - Clickjacking
CVE-2018-0355 (MEDIUM, CVSS 6.1): Cisco Unified Communications Manager - Cross-Frame Scripting via Insufficient HTML iframe Protection
CVE-2018-1432 (MEDIUM, CVSS 6.1): IBM InfoSphere Information Server <11.7 - XSS
CVE-2018-7491 (HIGH, CVSS 7.5): PrestaShop < 1.7.2.5 - UI-Redressing/Clickjacking via Missing X-Frame-Options and CSP Headers
CVE-2017-20041 (MEDIUM, CVSS 5.4): UC Browser 11.2.5.932 - Improper Restriction of Rendered UI Layers via Title Argument
CVE-2017-16775 (HIGH, CVSS 7.1): Synology SSO Server <2.1.3-0129 - CSRF
CVE-2017-11290 (MEDIUM, CVSS 6.1): Adobe Connect <= 9.6.2 - UI Redressing
CVE-2017-5697 (MEDIUM, CVSS 6.5): Intel AMT Firmware < 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, 11.6.25.1129 - Clickjacking
CVE-2017-4015 (MEDIUM, CVSS 4.5): McAfee Network Data Loss Prevention 9.3.x - Authenticated Clickjacking via HTTP Response Header
CVE-2017-7440 (MEDIUM, CVSS 6.5): Kerio Connect 8.0.0-9.2.2 and Kerio Connect Client 9.2.0-9.2.2 - Clickjacking via Email Preview
CVE-2017-0492 (MEDIUM, CVSS 5.5): Android 7.1.1 - Privilege Escalation
CVE-2017-5026 (MEDIUM, CVSS 4.3): Google Chrome < 56.0.2924.76 - Unauthenticated UI Layer Spoofing via Swapped Frame Alerts