Total: 121 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19001 | 1 Abb | 1 Esoms | 2020-04-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. | |||||
| CVE-2020-2105 | 1 Jenkins | 1 Jenkins | 2020-03-17 | 4.3 MEDIUM | 5.4 MEDIUM |
| REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. | |||||
| CVE-2013-5594 | 1 Mozilla | 1 Firefox | 2020-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding | |||||
| CVE-2020-0014 | 1 Google | 1 Android | 2020-02-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-128674520 | |||||
| CVE-2016-5710 | 1 Netapp | 1 Snap Creator Framework | 2020-02-13 | 3.5 LOW | 4.6 MEDIUM |
| NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2013-2675 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2020-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2013-2682 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information. | |||||
| CVE-2019-4548 | 1 Ibm | 1 Security Directory Server | 2020-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950. | |||||
| CVE-2013-6772 | 1 Splunk | 1 Splunk | 2020-01-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking | |||||
| CVE-2019-4742 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2019-12-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 172877. | |||||
| CVE-2019-15930 | 1 Intesync | 1 Solismed | 2019-12-13 | 4.3 MEDIUM | 4.3 MEDIUM |
| Intesync Solismed 3.3sp allows Clickjacking. | |||||
| CVE-2019-5861 | 1 Google | 1 Chrome | 2019-12-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page. | |||||
| CVE-2019-17131 | 1 Vbulletin | 1 Vbulletin | 2019-10-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| vBulletin before 5.5.4 allows clickjacking. | |||||
| CVE-2019-4086 | 1 Ibm | 1 Application Performance Management | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. | |||||
| CVE-2019-4109 | 1 Ibm | 1 Websphere Extreme Scale | 2019-10-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102. | |||||
| CVE-2017-11290 | 1 Adobe | 1 Connect | 2019-10-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks. | |||||
| CVE-2017-0492 | 1 Google | 1 Android | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 7.1.1. Android ID: A-30150688. | |||||
| CVE-2017-5026 | 1 Google | 1 Chrome | 2019-10-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page. | |||||
| CVE-2017-5016 | 1 Google | 1 Chrome | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page. | |||||
| CVE-2018-12576 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2019-10-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. | |||||
| CVE-2019-16175 | 1 Limesurvey | 1 Limesurvey | 2019-09-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| A clickjacking vulnerability was found in Limesurvey before 3.17.14. | |||||
