CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

388 vulnerabilities with CWE-1021
CVE | Severity | CVSS | Title

CVE-2024-31324 | HIGH | CVSS 7.3 | WindowState.java - Privilege Escalation
CVE-2024-31323 | HIGH | CVSS 7.8 | Android - Local Privilege Escalation via Tapjacking in Health Permissions Dialog
CVE-2024-2177 | MEDIUM | CVSS 6.8 | GitLab 16.3-16.11.5, 17.0-17.0.3, 17.1-17.1.1 - Cross Window Forgery via OAuth Authentication Flow
CVE-2024-30109 | LOW | CVSS 3.7 | HCL DRYiCE AEX - Clickjacking via Unprotected UI Layers
CVE-2024-33377 | HIGH | CVSS 8.1 | LB-LINK BL-W1210M v2.0 - Clickjacking via Administrator Login Page
CVE-2024-5698 | MEDIUM | CVSS 6.1 | Firefox < 127 - User Interface Misrepresentation via Fullscreen Data-List Overlay
CVE-2024-2383 | MEDIUM | CVSS 6.1 | zenml <= 0.55.5 - Clickjacking via Missing X-Frame-Options Header
CVE-2024-4950 | MEDIUM | CVSS 6.5 | Google Chrome < 125.0.6422.60 - UI Spoofing via Crafted HTML Page
CVE-2024-3911 | MEDIUM | CVSS 6.5 | Welotec SMART EMS and VPN Security Suite <= 3.1.4 - Clickjacking
CVE-2024-29981 | MEDIUM | CVSS 4.3 | Microsoft Edge Chromium < 122.0.2365.120 - Spoofing via UI Layer Restriction Bypass
CVE-2024-2613 | HIGH | CVSS 7.5 | Firefox < 124.0 - Denial of Service via QUIC ACK Frame Decoding
CVE-2024-28196 | MEDIUM | CVSS 6.5 | your_spotify < 1.9.0 - Clickjacking via Unrestricted iframe Embedding
CVE-2024-26167 | MEDIUM | CVSS 4.3 | Microsoft Edge < 122.0.2365.92 - Spoofing via UI Layer Restriction Bypass
CVE-2024-1890 | MEDIUM | CVSS 6.4 | Sunny WebBox Firmware < 1.61 - Clickjacking via Malicious Link
CVE-2024-1550 | MEDIUM | CVSS 6.1 | Firefox < 123 and ESR < 115.8 - UI Spoofing via Fullscreen and Pointer Lock
CVE-2024-20810 | LOW | CVSS 3.3 | Smart Suggestions < SMR Feb-2024 Release 1 - Info Disclosure
CVE-2024-0669 | MEDIUM | CVSS 6.3 | Plone < 6.0.5 - Cross-Frame Scripting via Malicious URL
CVE-2023-7013 | MEDIUM | CVSS 4.7 | Google Chrome < 119.0.6045.105 - XSS
CVE-2023-42011 | MEDIUM | CVSS 4.3 | IBM Sterling B2B Integrator Standard Edition 6.1-6.2 - Info Disclosure
CVE-2023-47774 | MEDIUM | CVSS 5.4 | Jetpack < 12.7 - Clickjacking via Improper UI Layer Restriction
CVE-2023-45698 | MEDIUM | CVSS 4.8 | HCL Sametime Chat and Meetings - Clickjacking via Outlook Add-in
CVE-2023-6093 | MEDIUM | CVSS 5.3 | OnCell G3150A-LTE Series < 1.3 - XSS
CVE-2023-6867 | MEDIUM | CVSS 6.1 | Firefox < 121.0 and Firefox ESR < 115.6 - Clickjacking via Permission Prompt Timing
CVE-2023-4958 | MEDIUM | CVSS 6.1 | Red Hat Advanced Cluster Security - CSRF
CVE-2023-2265 | MEDIUM | CVSS 4.3 | SEL-411L Firmware r118-v0 to r118-v4 - Unauthenticated Clickjacking via UI Layer Manipulation