CWE-1021
Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.
376 vulnerabilities with CWE-1021
CVE-2025-49191
MEDIUM
Sick Field Analytics - Code Execution via iFrame Widget URLs
CVSS 4.8
CVE-2025-49139
MEDIUM
HAX CMS PHP <11.0.0 - SSRF
CVSS 5.3
CVE-2025-5267
MEDIUM
Firefox < 139 - Thunderbird < 128.11 - Info Disclosure
CVSS 5.4
CVE-2025-43854
MEDIUM
DIFY <1.3.0 - CSRF
CVSS 6.1
CVE-2025-32385
MEDIUM
EspoCRM <9.0.5 - XSS
CVSS 5.3
CVE-2025-0362
MEDIUM
GitLab CE/EE <17.8.7-17.10.4 - CSRF
CVSS 6.4
CVE-2025-25213
MEDIUM
Wi-Fi AP UNIT AC-WPS-11ac - Info Disclosure
CVSS 6.5
CVE-2025-31138
MEDIUM
tarteaucitron.js <1.20.1 - XSS
CVSS 5.5
CVE-2025-24310
MEDIUM
HMI ViewJet C-more - Info Disclosure
CVSS 4.3
CVE-2025-1923
MEDIUM
Google Chrome <134.0.6998.35 - XSS
CVSS 4.3
CVE-2025-1917
MEDIUM
Google Chrome <134.0.6998.35 - CSRF
CVSS 4.3
CVE-2025-1940
HIGH
Firefox < 136 - Info Disclosure
CVSS 7.1
CVE-2025-24874
MEDIUM
SAP Commerce (Backoffice) - Info Disclosure
CVSS 6.8
CVE-2025-1019
MEDIUM
Firefox < 135 - Spoofing
CVSS 4.3
CVE-2025-1018
MEDIUM
Firefox < 135 - Info Disclosure
CVSS 5.3
CVE-2024-13066
MEDIUM
Akinsoft LimonDesk <1.02.17 - XSS
CVSS 4.3
CVE-2024-49796
MEDIUM
IBM ApplinX 11.1 - CSRF
CVSS 5.4
CVE-2024-6466
MEDIUM
NEC WebSAM DeploymentManager 6.0-6.80 - SSRF
CVSS 5.3
CVE-2024-57369
MEDIUM
Typecho <1.2.1 - CSRF
CVSS 6.4
CVE-2024-56436
MEDIUM
UIExtension - Info Disclosure
CVSS 5.5
CVE-2024-56435
MEDIUM
UIExtension - Info Disclosure
CVSS 6.2
CVE-2024-55888
HIGH
Hush Line <0.3.5 - CSRF
CVSS 7.1
CVE-2024-54112
MEDIUM
UIExtension - Info Disclosure
CVSS 5.5
CVE-2024-54110
MEDIUM
UIExtension - Info Disclosure
CVSS 6.2
CVE-2024-53976
MEDIUM
Firefox for iOS < 133 - Info Disclosure
CVSS 5.4