CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-451 - User Interface (UI) Misrepresentation of Critical Information

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. The typical web instance is clickjacking: a page that sends neither an X-Frame-Options header nor a Content-Security-Policy frame-ancestors directive can be loaded in an iframe by any third-party origin and overlaid with invisible or misleading controls.

388 vulnerabilities with CWE-1021
CVE-2023-6211 MEDIUM
Firefox < 120.0 - UI Spoofing via HTTPS-Only Mode Exception Clickjacking
CVSS 6.5
CVE-2023-6206 MEDIUM
Firefox < 120, Firefox ESR < 115.5.0, Thunderbird < 115.5 - Info Di...
CVSS 5.4
CVE-2023-47311 MEDIUM
Yamcs 5.8.6 - Command Injection
CVSS 6.1
CVE-2023-4956 MEDIUM
Quay - Clickjacking in Config-Editor Page
CVSS 6.5
CVE-2023-36920 MEDIUM
SAP Enable Now - WPB_MANAGER <1.0-ENABLE_NOW_CONSUMP_DEL 1704 - XSS
CVSS 6.1
CVE-2023-5721 MEDIUM
Firefox < 119.0 and Firefox ESR < 115.4 - Unintended UI Layer Activation via Insufficient Activation-Delay
CVSS 4.3
CVE-2023-41897 HIGH
Home Assistant < 2023.9.0 - Clickjacking via Missing X-Frame-Options Header
CVSS 8.8
CVE-2023-5103 MEDIUM
SICK APU0200 Firmware < 4.0.0.6 - Unauthenticated Sensitive Information Exposure via Clickjacking
CVSS 4.3
CVE-2023-38873 MEDIUM
gugoan Economizzer <0.9-beta1 - CSRF
CVSS 6.5
CVE-2023-30961 MEDIUM
Palantir Gotham - Info Disclosure
CVSS 6.5
CVE-2023-0654 LOW
Cloudflare WARP < 6.29 - Tapjacking via Misconfigured UI Layer
CVSS 3.9
CVE-2023-4229 MEDIUM
Moxa ioLogik E4200 Firmware < 1.6 - Clickjacking
CVSS 4.3
CVE-2023-37455 MEDIUM
Firefox for iOS < 115 - Info Disclosure
CVSS 5.4
CVE-2023-34658 MEDIUM
Telegram 9.6.3 - UI Layer Spoofing via SFSafariViewController
CVSS 5.3
CVE-2023-23343 LOW
HCL BigFix OSD Bare Metal Server < 311.12 - Clickjacking via Transparent or Opaque Layers
CVSS 2.4
CVE-2023-2013 LOW
GitLab CE/EE <15.10.8, <15.11.7, <16.0.2 - Info Disclosure
CVSS 2.6
CVE-2023-3140 MEDIUM
KNIME Business Hub < 1.4.0 - Clickjacking via Missing HTTP Headers
CVSS 4.3
CVE-2023-28159 MEDIUM
Firefox < 111.0 - UI Spoofing via Fullscreen Notification Bypass
CVSS 4.3
CVE-2023-25748 MEDIUM
Firefox < 111.0 - UI Spoofing via Fullscreen Notification Obscuring
CVSS 4.3
CVE-2023-25730 MEDIUM
Firefox <110, Thunderbird <102.8, Firefox ESR <102.8 - Info Disclosure
CVSS 5.4
CVE-2023-1362 MEDIUM
unilogies/bumsys <2.0.2 - Info Disclosure
CVSS 6.1
CVE-2023-0780 MEDIUM
Cockpit <2.3.9-dev - Info Disclosure
CVSS 5.4
CVE-2023-23126 MEDIUM
Connectwise Automate 2022.11 - CSRF
CVSS 6.1
CVE-2023-20913 HIGH
Android - Tapjacking/Overlay Attack via PhoneAccountSettingsActivity
CVSS 7.8
CVE-2023-0057 MEDIUM
pyload <0.5.0b3.dev33 - Info Disclosure
CVSS 6.1