CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

390 vulnerabilities with CWE-1021
CVE-2017-5016 MEDIUM
Google Chrome <56.0.2924.76-56.0.2924.87 - Info Disclosure
CVSS 6.5
CVE-2016-5710 MEDIUM
NetApp Snap Creator Framework <4.3P1 - CSRF
CVSS 4.6
CVE-2016-2496 CRITICAL
Android 6.x - Tapjacking Attack via Overlapping Window
CVSS 9.8
CVE-2015-5686 HIGH
Puppet Enterprise Console 3.x - CSRF
CVSS 8.8
CVE-2015-1241
Google Chrome <42.0.2311.90 - Info Disclosure
CVE-2014-1483
Mozilla Firefox <27.0 & SeaMonkey <2.24 - CSRF
CVE-2014-1480
Mozilla Firefox <27.0 & SeaMonkey <2.24 - CSRF
CVE-2013-5594 MEDIUM
Mozilla Firefox <25 - Info Disclosure
CVSS 4.3
CVE-2013-2682 MEDIUM
Cisco Linksys E4200 <1.0.05 Build 7 - Info Disclosure
CVSS 4.3
CVE-2013-2675 MEDIUM
Brother MFC-9970CDW Firmware L - Clickjacking via Frameable Response
CVSS 6.5
CVE-2013-6772 MEDIUM
Splunk < 5.0.4 - Clickjacking via Missing X-Frame-Options Header
CVSS 4.3
CVE-2013-5614
Mozilla Firefox <26.0 & SeaMonkey <2.23 - XSS
CVE-2011-1244
Microsoft Internet Explorer 6, 7, and 8 - Information Disclosure via Frame Tag
CVE-2008-2716
Opera < 9.5 - Frame Spoofing via Location Modification
CVE-2005-2407
Opera Browser < 8.01 - Arbitrary Code Execution via Window Overlay