About “Clickjacking”

A curated feed of “Clickjacking”-related CVEs appears below. We currently track 248 CVEs for this tag (all time). In the last 365 days, 29 were published. Average CVSS is 5.4 (all time; 5.2 over 365d), and 8% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-1021 - Improper Restriction of Rendered UI Layers or Frames, CWE-693 - Protection Mechanism Failure, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

In our taxonomy this topic maps to a LOW impact class: common exploitation patterns for this weakness can lead to low impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2019-06-10
Medium

CVE-2019-5243

There is a Clickjacking vulnerability in the Huawei HG255s product. An attacker may trick a user into clicking a link and affect the integrity of a device by exploiting this vulnerability.

2019-04-01
Medium

CVE-2019-3876

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherw…

High

CVE-2017-16775

Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vec…

2019-02-28
High

CVE-2018-18496

When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing…

2019-01-09
Medium

CVE-2018-16172

Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to de…

2018-12-19
Medium

CVE-2018-17192

The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing c…

2018-11-01
Medium

CVE-2018-6909

A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by t…

2018-10-05
Medium

CVE-2018-15423

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to in…

2018-07-31
Medium

CVE-2017-13652

NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface.

2018-07-27
Low

CVE-2017-2658

It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which mad…

2018-07-02
Medium

CVE-2018-12576

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.

2018-06-05
Medium

CVE-2018-1432

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTM…

2018-05-11
Medium

CVE-2018-5304

An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web appli…

2018-03-09
Medium

CVE-2016-0274

IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.…

2018-02-26
High

CVE-2018-7491

In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess functio…

2018-02-15
Medium

CVE-2017-8972

A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

Medium

CVE-2017-8971

A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found.

Medium

CVE-2017-5783

A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.

Medium

CVE-2017-5780

A remote clickjacking vulnerability in HPE Matrix Operating Environment version v7.6 was found.

Medium

CVE-2017-18088

Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 be…

2018-01-16
Medium

CVE-2016-0207

IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. IBM X-Force ID: 109399.

2018-01-03
High

CVE-2017-1000479

pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Fram…

2017-12-09
Medium

CVE-2017-11290

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect adminis…

2017-11-10
Medium

CVE-2017-11461

NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintende…

2017-10-19
Medium

CVE-2012-4379

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response i…

2017-07-17
High

CVE-2017-3101

Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack.

2017-06-14
Medium

CVE-2017-5697

Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remot…

2017-05-17
Medium

CVE-2017-4015

Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.

2017-05-02
Medium

CVE-2017-7440

Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjackin…

2017-04-20
Medium

CVE-2016-4844

Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.

2017-03-23
Medium

CVE-2016-9168

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking.

Medium

CVE-2016-5755

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.

2017-03-06
Medium

CVE-2017-6504

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.

2017-02-01
Medium

CVE-2016-9000

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to nav…

Medium

CVE-2016-5984

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted U…

2017-01-31
Medium

CVE-2016-9413

The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2016-11-25
Medium

CVE-2016-0317

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2016-10-29
Medium

CVE-2016-3060

Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote aut…

2016-10-27
Medium

CVE-2016-6440

The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information…

2016-09-26
Medium

CVE-2016-5947

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.

2016-09-11
Medium

CVE-2016-5162

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use a…

Medium

CVE-2016-5160

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use a…

2016-08-08
Medium

CVE-2016-1474

Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a cra…

2016-07-15
Medium

CVE-2016-0357

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site.

2016-07-08
Medium

CVE-2016-0314

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allow remote authenticated users to conduct clickjacki…

2016-06-13
High

CVE-2016-2831

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (…

2016-05-03
Medium

CVE-2016-0895

EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity.

2016-04-07
Medium

CVE-2016-0734

The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via…

2016-04-05
Medium

CVE-2016-1177

The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2016-02-17
Medium

CVE-2016-2072

The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.130…

2016-01-31
Medium

CVE-2016-1941

The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that trigger…

Medium

CVE-2016-1937

The protocol-handler dialog in Mozilla Firefox before 44.0 allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a do…

2016-01-30
Medium

CVE-2016-1140

KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.

2016-01-17
Medium

CVE-2015-4960

IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct…

2016-01-08
Medium

CVE-2015-6434

Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted we…

2016-01-02
Medium

CVE-2015-1928

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (R…

2015-12-31
Medium

CVE-2015-2918

The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct…

2015-11-19
Medium

CVE-2015-4112

The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attack…

Medium

CVE-2015-6374

The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to…

2015-10-27
Medium

CVE-2015-5178

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for…

2015-10-06
Low

CVE-2015-4992

IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.

2015-09-21
Medium

CVE-2015-2917

Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier…

2015-07-20
Low

CVE-2015-1980

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.

2015-07-16
Medium

CVE-2015-4266

The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to con…

2015-05-30
Medium

CVE-2015-2854

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remo…

2015-05-25
Medium

CVE-2014-4778

IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which a…

2015-04-10
Medium

CVE-2015-3004

J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D10, 12.3X48 before 12.3X48-D10, 12.2 before 12.2R9, 12.3 before 12.3R7, 13.…

2015-04-01
Medium

CVE-2015-0810

Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements assoc…

2015-03-27
Medium

CVE-2015-2765

The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2015-02-25
Medium

CVE-2015-0819

The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking a…

2015-02-23
Medium

CVE-2015-2053

The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks…

2015-02-12
Medium

CVE-2014-2147

The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspe…

2015-02-03
Medium

CVE-2015-0599

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier f…

2015-01-17
Medium

CVE-2014-6197

IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and 5.3.x before 5.3.0.0 FP1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2014-12-23
Medium

CVE-2014-6135

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows…

2014-12-18
Medium

CVE-2014-6174

IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.

Medium

CVE-2014-6076

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a cra…

2014-11-18
Medium

CVE-2014-6105

IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2014-10-19
Medium

CVE-2014-4828

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request.

2014-10-17
High

CVE-2014-2063

Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2014-10-05
Medium

CVE-2014-2645

HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors.

2014-10-02
Medium

CVE-2014-2642

HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2014-09-29
Medium

CVE-2014-3823

The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspe…

2014-08-22
Medium

CVE-2014-5243

MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attacke…

2014-06-11
Medium

CVE-2014-1539

Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attac…

2014-04-29
Medium

CVE-2013-7234

Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.

2014-04-23
Medium

CVE-2014-2554

OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.

2014-03-06
Medium

CVE-2013-6315

IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote…

2014-02-14
Medium

CVE-2013-3988

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2014-02-06
Medium

CVE-2014-1480

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjac…

2013-12-19
Medium

CVE-2013-5462

IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct click…

2013-11-22
Medium

CVE-2013-6698

The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unsp…

2013-10-30
Medium

CVE-2013-5593

The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement o…

2013-10-10
Medium

CVE-2013-5523

The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attack…

2013-10-09
Medium

CVE-2013-3895

Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."

2013-10-02
Medium

CVE-2013-4066

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface.

2013-10-01
Medium

CVE-2013-5975

The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2013-09-13
Medium

CVE-2013-5482

Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks v…

2013-08-19
Medium

CVE-2013-5029

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.

2013-06-26
Medium

CVE-2013-1696

Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP…

2013-06-19
Medium

CVE-2013-2866

The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microph…

2013-05-10
Medium

CVE-2013-0518

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, whic…

2013-02-06
Medium

CVE-2012-2294

EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page.

2013-02-02
Medium

CVE-2013-0213

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME el…

2013-01-13
Medium

CVE-2013-0747

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMon…

2012-12-05
Medium

CVE-2012-4609

The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2012-11-24
Medium

CVE-2012-2246

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.

2012-11-18
Medium

CVE-2012-4936

The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element.

2012-11-11
Medium

CVE-2012-5827

Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."

2012-10-10
Medium

CVE-2012-5354

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows…

2012-07-18
Medium

CVE-2012-1964

The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, T…

Medium

CVE-2012-1961

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values i…

2011-08-10
Medium

CVE-2011-3127

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers…

2011-07-27
Medium

CVE-2011-2892

Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web…

2011-07-14
Medium

CVE-2010-4554

functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct click…

2011-04-13
Medium

CVE-2011-1244

Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks…

2011-01-31
Medium

CVE-2011-0683

Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

2011-01-11
Medium

CVE-2011-0003

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.

2011-01-10
Medium

CVE-2011-0399

Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a craft…

2010-08-16
Medium

CVE-2010-2576

Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently…