CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

388 vulnerabilities with CWE-1021
CVE-2022-32919 MEDIUM
iPadOS < 16.2 - UI Spoofing via Malicious Framed Content
CVSS 4.7
CVE-2022-20443 HIGH
Android 13 - Tapjacking/Overlay Attack in Layer.cpp
CVSS 7.8
CVE-2022-43378 MEDIUM
NetBotz 4 - Improper Restriction of Rendered UI Layers or Frames
CVSS 6.5
CVE-2022-32891 MEDIUM
Safari < 16.0 - UI Spoofing via Malicious Framed Content
CVSS 6.1
CVE-2022-40268 MEDIUM
Mitsubishi Electric GOT2000 Series - CSRF
CVSS 6.1
CVE-2022-45096 MEDIUM
Dell PowerScale OneFS <9.3.0 - Info Disclosure
CVSS 5.4
CVE-2022-32517 MEDIUM
Conext ComBox Firmware - Clickjacking via Unrestricted UI Layer Rendering
CVSS 6.5
CVE-2022-20215 MEDIUM
Android - Local Denial of Service via Tapjacking Overlay Attack
CVSS 5.5
CVE-2022-20214 MEDIUM
Android 10-12 - Tapjacking Attack via Car Settings Toggle Button
CVSS 4.7
CVE-2022-20213 MEDIUM
Android - Denial of Service via Tapjacking/Overlay Attack in ApplicationsDetailsActivity
CVSS 5.5
CVE-2022-45420 MEDIUM
Firefox ESR < 102.5 & Thunderbird < 102.5 & Firefox < 107 - XSS
CVSS 6.5
CVE-2022-45418 MEDIUM
Firefox ESR < 102.5 & Thunderbird < 102.5 & Firefox < 107 - SSRF
CVSS 6.1
CVE-2022-45417 MEDIUM
Firefox < 107.0 - Private Browsing Mode Information Disclosure via Service Worker Storage
CVSS 4.3
CVE-2022-3034 MEDIUM
Thunderbird <102.2.1-<91.13.1 - XSS
CVSS 4.3
CVE-2022-36319 HIGH
Firefox < 103.0 and Firefox ESR < 102.1 - UI Layer Spoofing via CSS Overflow and Transform
CVSS 7.5
CVE-2022-29914 MEDIUM
Firefox < 100.0 and Firefox ESR < 91.9 - UI Spoofing via Fullscreen Notification Overlay
CVSS 6.5
CVE-2022-29911 MEDIUM
Thunderbird <91.9 & Firefox <100 - XSS
CVSS 6.1
CVE-2022-28286 MEDIUM
Firefox < 99.0 and Firefox ESR < 91.8 - UI Spoofing via Iframe Layout Rendering
CVSS 5.4
CVE-2022-20553 MEDIUM
Android 13 - Local Privilege Escalation via Tapjacking/Overlay Attack
CVSS 6.5
CVE-2022-20520 HIGH
Android 13 - Local Privilege Escalation via Tapjacking/Overlay Attack
CVSS 7.8
CVE-2022-46695 MEDIUM
Apple TV OS <16.2 - iPad OS <16.2 - Spoofing
CVSS 6.5
CVE-2022-20501 HIGH
Android - Tapjacking/Overlay Attack via EnableAccountPreferenceActivity
CVSS 7.3
CVE-2022-20442 HIGH
Android - Local Privilege Escalation via Tapjacking Overlay Attack
CVSS 7.3
CVE-2022-46061 MEDIUM
AeroCMS 0.0.1 - ClickJacking
CVSS 6.1
CVE-2022-34318 MEDIUM
IBM CICS TX 11.1 - Clickjacking via Malicious Website
CVSS 5.4