Total
312 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13119 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
ismartgate PRO 1.5.9 is vulnerable to clickjacking. | |||||
CVE-2020-10951 | 1 Westerndigital | 2 Ibi, My Cloud Home | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. | |||||
CVE-2020-10743 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking. | |||||
CVE-2020-0014 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-128674520. | |||||
CVE-2019-9147 | 1 Mailvelope | 1 Mailvelope | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation mechanisms are disabled (web_accessible_resources). Mailvelope implements additional measures to prevent web applications from directly embedding the settings page, but this mechanism can be bypassed. | |||||
CVE-2019-8771 | 1 Apple | 2 Iphone Os, Safari | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. | |||||
CVE-2019-7393 | 1 Ca | 2 Risk Authentication, Strong Authentication | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. | |||||
CVE-2019-5861 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page. | |||||
CVE-2019-5767 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Android and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. | |||||
CVE-2019-5243 | 1 Huawei | 2 Hg255s, Hg255s Firmware | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
There is a clickjacking vulnerability in the Huawei HG255s product. An attacker may trick a user into clicking a link and affect the integrity of a device by exploiting this vulnerability. | |||||
CVE-2019-4742 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 172877. | |||||
CVE-2019-4548 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950. | |||||
CVE-2019-4323 | 1 Hcltech | 1 Appscan | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." | |||||
CVE-2019-4285 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513. | |||||
CVE-2019-4217 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226. | |||||
CVE-2019-4109 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102. | |||||
CVE-2019-4086 | 1 Ibm | 1 Application Performance Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. | |||||
CVE-2019-4058 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570. | |||||
CVE-2019-3794 | 1 Pivotal Software | 1 Cloud Foundry Uaa | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites. | |||||
CVE-2019-3639 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
Clickjack vulnerability in Administrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe, because the console does not send an X-Frame-Options HTTP header. |