About “Clickjacking”

A curated feed of “Clickjacking”-related CVEs appears below. We currently track 248 CVEs for this tag (all time). In the last 365 days, 29 were published. Average CVSS is 5.4 (all time; 5.2 over 365d), and 8% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-1021 - Improper Restriction of Rendered UI Layers or Frames, CWE-693 - Protection Mechanism Failure, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

In our taxonomy this topic maps to a LOW impact class: common exploitation patterns for this weakness lead to low-impact outcomes. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2009-07-31
Medium

CVE-2009-1867

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickj…

2009-06-10
Medium

CVE-2009-1681

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allow…

2009-02-26
Medium

CVE-2009-0522

Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse poin…

Medium

CVE-2009-0114

Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visi…

2009-01-30
Medium

CVE-2009-0374

Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickja…

Medium

CVE-2009-0369

Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Cl…

2009-01-22
Medium

CVE-2009-0253

Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar…

2008-10-09
Medium

CVE-2008-4503

The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graph…