CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web application does not restrict, or incorrectly restricts, frame objects or UI layers that belong to another application or domain.

388 vulnerabilities with CWE-1021
CVE             Severity  CVSS  Title
CVE-2022-3260   MEDIUM    4.8   Redhat Red Hat OpenShift - Clickjacking via Missing X-FRAME-OPTIONS Header
CVE-2022-42799  MEDIUM    6.1   Safari < 16.1 - User Interface Spoofing via Malicious Website
CVE-2022-36182  MEDIUM    6.1   Hashicorp Boundary < 0.11.0 - Clickjacking
CVE-2022-22503  MEDIUM    6.1   IBM Robotic Process Automation 21.0.0 - CSRF
CVE-2022-3167   HIGH      8.8   GitHub ikus060/rdiffweb <2.4.1 - Info Disclosure
CVE-2022-36736  MEDIUM    6.1   Jitsi 2.10.5550 - Clickjacking via Crafted HTTP Request
CVE-2022-2965   MEDIUM    4.3   notrinos/notrinoserp <0.7 - Info Disclosure
CVE-2022-2800   MEDIUM    4.3   SourceCodester Gym Management System - XSS
CVE-2022-20331  HIGH      7.8   Android 13 - Local Privilege Escalation via Tapjacking Overlay Attack
CVE-2022-20852  MEDIUM    5.4   Cisco Webex Meetings - Cross-Site Scripting and Frame Hijacking
CVE-2022-20820  MEDIUM    5.4   Cisco Webex Meetings - Cross-Site Scripting and Frame Hijacking
CVE-2022-2734   MEDIUM    5.4   openemr/openemr <7.0.0.1 - Info Disclosure
CVE-2022-33727  MEDIUM    4.8   SecDevicePickerDialog <SMR Aug-2022 Release 1 - Info Disclosure
CVE-2022-33723  MEDIUM    4.8   BluetoothScanDialog <SMR Aug-2022 Release 1 - Info Disclosure
CVE-2022-34162  MEDIUM    6.1   IBM CICS TX 11.1 - Clickjacking via Malicious Website
CVE-2022-1138   MEDIUM    6.5   Google Chrome <100.0.4896.60 - Info Disclosure
CVE-2022-2179   MEDIUM    6.5   Rockwell Automation MicroLogix <21.007 - CSRF
CVE-2022-20226  LOW       3.9   Android - Tapjacking via WindowManagerService Input Validation
CVE-2022-20212  HIGH      7.8   Android 10-11 - Tapjacking/Overlay Attack via Wifi.RequestToggleWifiActivity
CVE-2022-28889  MEDIUM    4.3   Apache Druid < 0.23.0 - Clickjacking via Missing Content-Security-Policy Header
CVE-2022-27220  MEDIUM    4.3   SINEMA Remote Connect Server < V3.0 SP2 - Info Disclosure
CVE-2022-27219  MEDIUM    4.3   SINEMA Remote Connect Server < V3.0 SP2 - Info Disclosure
CVE-2022-1803   MEDIUM    6.9   polonel/trudesk <1.2.2 - Info Disclosure
CVE-2022-28649  MEDIUM    4.6   JetBrains YouTrack <2022.1.43563 - SSRF
CVE-2022-0455   MEDIUM    6.5   Google Chrome < 98.0.4758.80 - URL Spoofing via Full Screen Mode