CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

388 vulnerabilities with CWE-1021
CVE-2025-52987 MEDIUM
Juniper Networks Paragon Automation <24.1.1 - CSRF
CVSS 6.1
CVE-2025-65922 MEDIUM
Planka 2.0.0 - UI Redressing via Missing X-Frame-Options and CSP Headers
CVSS 4.3
CVE-2025-14812 HIGH
ArcSearch < 1.45.2 - Address Bar Spoofing via iframe-triggered URI Navigation
CVSS 7.5
CVE-2025-14809 HIGH
ArcSearch < 1.12.6 - Address Bar Spoofing via Crafted Web Content
CVSS 7.4
CVE-2025-59849 MEDIUM
HCL BigFix Remote Control Lite Web Portal <10.1.0.0326 - XSS
CVSS 4.7
CVE-2025-59479 MEDIUM
CHOCO TEI WATCHER mini - Info Disclosure
CVSS 6.1
CVE-2025-14373 MEDIUM
Google Chrome <143.0.7499.110 - SSRF
CVSS 4.3
CVE-2025-48639 HIGH
Android - Tapjacking/Overlay Attack via DefaultTransitionHandler
CVSS 7.3
CVE-2025-48597 HIGH
Multiple Locations - Privilege Escalation
CVSS 7.8
CVE-2025-63522 MEDIUM
FeehiCMS 2.1.1 - Reverse Tabnabbing in Comments Management
CVSS 4.6
CVE-2025-36149 MEDIUM
IBM Concert 1.0.0-2.0.0 - Clickjacking
CVSS 6.3
CVE-2025-13132 HIGH
Dia < 1.6.0 - Unauthenticated UI Spoofing via Fullscreen Notification Bypass
CVSS 7.4
CVE-2025-0421 MEDIUM
Shopside <05022025 - Info Disclosure
CVSS 4.7
CVE-2025-64387 MEDIUM
Circutor TCPRS1plus >=1.0.14 <1.0.14 - Clickjacking
CVE-2025-30191 MEDIUM
OX App Suite < 7.6.3-rev77, < 8.35.111, < 8.38.82, < 8.39.79, < 8.40.57 - Clickjacking via HTML Fragment Injection
CVSS 5.4
CVE-2025-28129 MEDIUM
Phpgurukul Hostel Mgt Sys 2.1 - CSRF
CVSS 5.4
CVE-2025-52658 LOW
HCL MyXalytics - Info Disclosure
CVSS 3.5
CVE-2025-59950 MEDIUM
FreshRSS < 1.27.0 - Clickjacking Bypass via Double Click Confirmation Dialog
CVSS 6.7
CVE-2025-57769 MEDIUM
FreshRSS < 1.27.0 - Cross-Site Scripting and Privilege Escalation via Iframe UI Obscuring
CVSS 6.1
CVE-2025-0546 MEDIUM
MevzuatTR < 12.02.2025 - Authenticated Clickjacking via iFrame Overlay
CVSS 4.7
CVE-2025-32350 HIGH
Android - Tapjacking/Overlay Attack via ControlsSettingsDialog
CVSS 7.8
CVE-2025-32349 HIGH
Android - Privilege Escalation via Tapjacking/Overlay Attack
CVSS 7.8
CVE-2025-41000 LOW
BoomCMS 9.1.4 - Cross-Frame Scripting
CVE-2025-22419 HIGH
Multiple Locations - Privilege Escalation
CVSS 7.3
CVE-2025-22417 HIGH
Android - Tapjacking/Overlay Attack via Transition.java finishTransition
CVSS 7.3