CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

376 vulnerabilities with CWE-1021
CVE-2025-0421 MEDIUM
Shopside <05022025 - Info Disclosure
CVSS 4.7
CVE-2025-64387 MEDIUM
Web Application - CSRF
CVE-2025-30191 MEDIUM
Email - CSRF
CVSS 5.4
CVE-2025-28129 MEDIUM
Phpgurukul Hostel Mgt Sys 2.1 - CSRF
CVSS 5.4
CVE-2025-52658 LOW
HCL MyXalytics - Info Disclosure
CVSS 3.5
CVE-2025-59950 MEDIUM
FreshRSS <1.26.3 - CSRF
CVSS 6.7
CVE-2025-57769 MEDIUM
FreshRSS < 1.27.0 - XSS
CVSS 6.1
CVE-2025-0546 MEDIUM
MevzuatTR <12.02.2025 - XSS
CVSS 4.7
CVE-2025-32350 HIGH
Android - Privilege Escalation
CVSS 7.8
CVE-2025-32349 HIGH
Google Android - Privilege Escalation
CVSS 7.8
CVE-2025-41000 LOW
BoomCMS v9.1.4 - XSS
CVE-2025-22419 HIGH
Multiple Locations - Privilege Escalation
CVSS 7.3
CVE-2025-22417 HIGH
Java - Privilege Escalation
CVSS 7.3
CVE-2025-1494 MEDIUM
IBM Cognos Command Center 10.2.4.1-10.2.5 - CSRF
CVSS 6.1
CVE-2025-9108 MEDIUM
Login Page - XSS
CVSS 4.3
CVE-2025-54527 MEDIUM
JetBrains YouTrack <2025.2.86935-2025.3.87344 - CSRF
CVSS 6.1
CVE-2025-54139 MEDIUM
HAX CMS <11.0.12 - SSRF
CVSS 4.3
CVE-2025-7903 MEDIUM
yangzongzhuan RuoYi <4.8.1 - Improper Restriction of Rendered UI La...
CVSS 4.3
CVE-2025-6983 MEDIUM
TP-Link Archer C1200 <= 1.1.5 - XSS
CVE-2025-27455 MEDIUM
Web Application - CSRF
CVSS 4.3
CVE-2025-53096 MEDIUM
Sunshine <2025.628.4510 - CSRF
CVSS 5.4
CVE-2025-36027 MEDIUM
IBM Datacap <9.1.7-9.1.9 - CSRF
CVSS 5.4
CVE-2025-6557 MEDIUM
Google Chrome <138.0.7204.49 - RCE
CVSS 5.4
CVE-2025-6434 MEDIUM
Firefox < 140 - CSRF
CVSS 4.3
CVE-2025-49192 MEDIUM
Web Application - CSRF
CVSS 4.3