CWE-1021

Improper Restriction of Rendered UI Layers or Frames

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

388 vulnerabilities with CWE-1021
CVE-2022-24733 MEDIUM
Sylius <1.9.10, <1.10.11, <1.11.2 - CSRF
CVSS 6.1
CVE-2022-0110 MEDIUM
Google Chrome < 97.0.4692.71 - Unauthenticated Security UI Spoofing via Autofill
CVSS 4.3
CVE-2022-22807 HIGH
EcoStruxure EV Charging Expert <SP8 - UI Layer Modification
CVSS 7.4
CVE-2022-22552 MEDIUM
Dell EMC AppSync 3.9-4.3 - Clickjacking
CVSS 6.9
CVE-2021-29827 MEDIUM
IBM InfoSphere Information Server 11.7 - CSRF
CVSS 5.2
CVE-2021-29865 MEDIUM
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2 - Clickjacking
CVSS 5.4
CVE-2021-39691 HIGH
Android - Tapjacking via WindowManager Incorrect Window Flag
CVSS 7.3
CVE-2021-27773 MEDIUM
Hcltech HCL Sametime Meeting Chat - Clickjacking
CVSS 4.2
CVE-2021-39796 HIGH
Android - Tapjacking/Overlay Attack via HarmfulAppWarningActivity
CVSS 7.3
CVE-2021-44683 HIGH
DuckDuckGo < 7.64.18 - Address Bar Spoofing via JavaScript window.open
CVSS 8.2
CVE-2021-39702 HIGH
Android - Local Privilege Escalation via Tapjacking in RequestManageCredentials
CVSS 7.8
CVE-2021-39692 HIGH
Android - Local Privilege Escalation via Tapjacking Overlay Attack
CVSS 7.8
CVE-2021-27414 MEDIUM
Hitachi ABB Power Grids Ellipse EAM <9.0.25 - CSRF
CVSS 5.5
CVE-2021-46708 MEDIUM
swagger-ui-dist < 4.1.3 - Clickjacking via UI Layer Manipulation
CVSS 6.1
CVE-2021-41657 MEDIUM
SmartBear CodeCollaborator <6.1.6102 - CSRF
CVSS 6.1
CVE-2021-3660 MEDIUM
cockpit-project/cockpit < 254 - Clickjacking via iFrame Rendering
CVSS 4.3
CVE-2021-39038 MEDIUM
IBM WebSphere Application Server <22.0.0.2 - CSRF
CVSS 5.4
CVE-2021-39669 HIGH
Android 11-12 - Tapjacking/Overlay Attack via InstallCaCertificateWarning
CVSS 7.8
CVE-2021-22819 MEDIUM
Schneider Electric EVlink Firmware < 3.4.0.2 - Clickjacking via Web Interface iframe
CVSS 4.3
CVE-2021-1036 HIGH
Android - Local Privilege Escalation via Tapjacking Overlay Attack
CVSS 7.8
CVE-2021-34087 HIGH
Ultimaker S3/S5/3 Firmware - Clickjacking via Local Webserver
CVSS 7.1
CVE-2021-1040 HIGH
Android - Local Privilege Escalation via Tapjacking Overlay Attack
CVSS 7.8
CVE-2021-1039 HIGH
Android - Privilege Escalation via Tapjacking Overlay Attack in NotificationAccessActivity
CVSS 7.8
CVE-2021-1038 MEDIUM
Android - Denial of Service via Tapjacking Overlay Attack
CVSS 5.5
CVE-2021-1016 HIGH
Android - Local Privilege Escalation via Tapjacking Overlay Attack
CVSS 7.3